Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2024-6741

    Openfind's Mail2000 has a vulnerability that allows the HttpOnly flag to be bypassed. Unauthenticated remote attackers can exploit this vulnerability using specific JavaScript code to obtain the session cookie with the HttpOnly flag enabled.... Read more

    Affected Products : mail2000
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-5196

    A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the a... Read more

    Affected Products : vap2500_firmware
    • Published: May. 22, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-56323

    OpenFGA is an authorization/permission engine. In OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects ... Read more

    Affected Products : openfga
    • Published: Jan. 13, 2025
    • Modified: Jan. 13, 2025
    • Vuln Type: Authorization
  • 5.8

    MEDIUM
    CVE-2023-20215

    A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerabil... Read more

    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-1587

    Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11... Read more

    Affected Products : antivirus windows anti-virus
    • Published: Apr. 19, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-0809

    In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.... Read more

    Affected Products : mosquitto
    • Published: Oct. 02, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-0531

    A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It... Read more

    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-0533

    A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument f... Read more

    • Published: Jan. 27, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-0319

    An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to... Read more

    Affected Products : gitlab
    • Published: Apr. 05, 2023
    • Modified: Feb. 11, 2025
  • 5.8

    MEDIUM
    CVE-2009-2693

    Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry... Read more

    Affected Products : tomcat
    • Published: Jan. 28, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2009-0652

    The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Feb. 20, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2010-2029

    Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.... Read more

    Affected Products : cybozu_office cybozu_dotsales
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2022-41064

    .NET Framework Information Disclosure Vulnerability... Read more

    • Published: Nov. 09, 2022
    • Modified: Jan. 02, 2025
  • 5.8

    MEDIUM
    CVE-2019-2816

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows un... Read more

    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-36328

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was di... Read more

    • Published: May. 18, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-5865

    In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.... Read more

    Affected Products : cloud_backup nginx_controller
    • Published: Apr. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-29435

    Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets.... Read more

    Affected Products : code_snippets_extended
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-21376

    Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2 and 20.0.0.0. Easily exploitable vulnerability allows... Read more

    Affected Products : primavera_portfolio_management
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-20950

    A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a lack of error-check... Read more

    Affected Products : firepower_threat_defense
    • Published: Nov. 15, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-1577

    The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attac... Read more

    Affected Products : database_backup
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results