Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2023-36472

    Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove pr... Read more

    Affected Products : strapi
    • Published: Sep. 15, 2023
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2012-5805

    The PayPal IPN functionality in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a... Read more

    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5812

    The ACRA library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary ... Read more

    Affected Products : acra_library
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5813

    The Android_Pusher library for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an ... Read more

    Affected Products : android_pusher
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2024-45281

    SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable s... Read more

    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 5.8

    MEDIUM
    CVE-2023-39958

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the cl... Read more

    Affected Products : nextcloud_server notes
    • Published: Aug. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2019-12551

    In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.... Read more

    Affected Products : 010_editor
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-37862

    Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2015-2014

    Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted... Read more

    Affected Products : domino
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2012-5820

    The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL serv... Read more

    Affected Products : admob
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2013-6006

    Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.... Read more

    Affected Products : garoon
    • Published: Dec. 28, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2020-9860

    A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.... Read more

    Affected Products : safari
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2015-3624

    Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content adminis... Read more

    Affected Products : ektron_content_management_system
    • Published: Jun. 09, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2012-5170

    Open redirect vulnerability in Pebble before 2.6.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : pebble
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2015-4371

    Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.... Read more

    Affected Products : perfecto
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2013-4912

    Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product... Read more

    Affected Products : wincc wincc_tia_portal
    • Published: Aug. 01, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5791

    PayPal Invoicing does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certif... Read more

    Affected Products : invoicing
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2013-5038

    The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.... Read more

    • Published: Dec. 30, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2015-4529

    Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7, and Documentum Task Space through 6.7SP2 allows remote ... Read more

    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2008-7295

    Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of ... Read more

    Affected Products : internet_explorer
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294863 Results