Latest CVE Feed
- 5.8 MEDIUM CVE-2019-5955
  CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks.
  Affected Products: create_sd
  - Published: May. 17, 2019
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2019-5966
  Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors.
  Affected Products: joruri_mail
  - Published: Jul. 05, 2019
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2019-5433
  A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or oth...
  - Published: May. 06, 2019
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2019-5426
  In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services...
  Affected Products: edgeswitch_x
  - Published: Apr. 10, 2019
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2008-3743
  Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH eleme...
  Affected Products: drupal
  - Published: Aug. 27, 2008
  - Modified: Apr. 09, 2025
- 5.8 MEDIUM CVE-2019-2773
  Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker wit...
  Affected Products: payments
  - Published: Jul. 23, 2019
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2008-4325
  lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inc...
  Affected Products: viewvc
  - Published: Sep. 30, 2008
  - Modified: Apr. 09, 2025
- 5.8 MEDIUM CVE-2020-10687
  A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attac...
  - Published: Sep. 23, 2020
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2012-0146
  Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnera...
  Affected Products: forefront_unified_access_gateway
  - Published: Apr. 10, 2012
  - Modified: Apr. 11, 2025
- 5.8 MEDIUM CVE-2019-25076
  The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet class...
  Affected Products: openvswitch
  - Published: Sep. 08, 2022
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2024-52529
  Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a sp...
  Affected Products: cilium
  - Published: Nov. 25, 2024
  - Modified: Sep. 03, 2025
- 5.8 MEDIUM CVE-2008-3222
  Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.
  - Published: Jul. 18, 2008
  - Modified: Apr. 09, 2025
- 5.8 MEDIUM CVE-2006-1008
  Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is poss...
  Affected Products: n8cms_sitesuite_cms
  - Published: Mar. 06, 2006
  - Modified: Apr. 03, 2025
- 5.8 MEDIUM CVE-2018-11002
  Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions.
  - Published: Nov. 29, 2018
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2023-6803
  A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4,...
  Affected Products: enterprise_server
  - Published: Dec. 21, 2023
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2025-54734
  Missing Authorization vulnerability in bPlugins B Slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B Slider: from n/a through 1.1.30.
  Affected Products:
  - Published: Aug. 28, 2025
  - Modified: Aug. 29, 2025
  - Vuln Type: Authorization
- 5.8 MEDIUM CVE-2008-2027
  Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258 for Web for IIS, when accessed via certain browsers such as Mozilla Firefox, allows remote attackers to redirect users to arbitrary web sites and conduct phishing...
  Affected Products: authentication_agent
  - Published: Apr. 30, 2008
  - Modified: Apr. 09, 2025
- 5.8 MEDIUM CVE-2020-16248
  Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability...
  Affected Products: blackbox_exporter
  - Published: Aug. 09, 2020
  - Modified: Nov. 21, 2024
- 5.8 MEDIUM CVE-2019-1981
  A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering pr...
  - Published: Nov. 05, 2019
  - Modified: Nov. 26, 2024
- 5.8 MEDIUM CVE-2019-1978
  A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering pr...
  - Published: Nov. 05, 2019
  - Modified: Nov. 26, 2024