Latest CVE Feed

Below is the list of the most recently published vulnerabilities. You can filter it by severity, by whether the vulnerability is known to be actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities, KEV, catalog) or by whether it is remotely exploitable, and you can sort it by published date, last-updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2008-3909

    The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delet...

    Affected Products : django
    • Published: Sep. 04, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2015-4871

    Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries....

    Affected Products : jdk jre
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2002-2361

    The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing....

    Affected Products : messenger
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2019-6795

    An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Insufficient Visual Distinction of Homoglyphs Presented to a User. IDN homographs and RTLO characters are rendered to ...

    Affected Products : gitlab
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024
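The GitLab entry above describes a display problem rather than a code-execution one: a name can be built from characters that look like ASCII (IDN homographs) or from right-to-left override characters (RTLO, U+202E) so that what the reader sees differs from what is stored. The following is an added example, written for this page and not GitLab's code, of the two checks a renderer can apply before showing user-controlled text to other users: flag Unicode bidi controls and mixed Latin/Cyrillic-style scripts, and escape non-ASCII so the trick becomes visible. The sample strings are constructed; the script classification by the first word of the Unicode character name is an assumption made for this example.

```python
import unicodedata

# Unicode bidirectional marks and controls. RTLO (U+202E) is the one usually
# abused: "report\u202efdp.exe" is stored as a .exe but renders as "reportexe.pdf".
BIDI_CONTROLS = {
    "\u200e", "\u200f",                                 # LRM, RLM
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}

# Scripts with letters that look like Latin ones (a, o, e, p, c, ...).
CONFUSABLE_SCRIPTS = {"CYRILLIC", "GREEK", "ARMENIAN"}


def script_of(ch):
    """Coarse script label for a letter, taken from the first word of its
    Unicode name ("CYRILLIC SMALL LETTER A" -> "CYRILLIC"). Assumption made
    for this example: that first word is a good-enough script label."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else None


def audit_display_string(s):
    """Findings for a user-controlled string that other users will see.
    Each finding is (kind, index_or_None, detail); [] means nothing found."""
    findings = []
    for i, ch in enumerate(s):
        if ch in BIDI_CONTROLS:
            findings.append(("bidi-control", i, "U+%04X" % ord(ch)))
    scripts = {script_of(ch) for ch in s} - {None}
    if "LATIN" in scripts and scripts & CONFUSABLE_SCRIPTS:
        findings.append(("mixed-script", None, ",".join(sorted(scripts))))
    return findings


def escape_for_display(s):
    """Render s so the tricks are visible: drop bidi controls entirely and show
    every non-ASCII character as a \\uXXXX escape next to the ASCII text."""
    out = []
    for ch in s:
        if ch in BIDI_CONTROLS:
            continue
        out.append(ch if ord(ch) < 0x80 else "\\u%04x" % ord(ch))
    return "".join(out)


if __name__ == "__main__":
    # Constructed samples: clean, Cyrillic "i" in a Latin word, RTLO filename.
    for sample in ("gitlab", "g\u0456tlab", "report\u202efdp.exe"):
        print(repr(sample), audit_display_string(sample), escape_for_display(sample))
```

Flagging mixed scripts rather than all non-ASCII keeps genuine Cyrillic or Greek names usable; a string written entirely in one confusable script is a separate policy decision (for instance, compare its NFKC form against existing ASCII names).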
  • 5.8

    MEDIUM
    CVE-2002-1533

    Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a)....

    Affected Products : jetty
    • Published: Mar. 31, 2003
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2019-5955

    CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks....

    Affected Products : create_sd
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-5966

    Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified vectors....

    Affected Products : joruri_mail
    • Published: Jul. 05, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-5433

    A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or oth...

    Affected Products : revive_adserver
    • Published: May. 06, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-5426

    In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without credentials can exploit this bug to access local services...

    Affected Products : edgeswitch_x
    • Published: Apr. 10, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2008-3743

    Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2) forms with AHAH eleme...

    Affected Products : drupal
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025
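Two CSRF entries in this feed share a root cause: the Django admin entry (CVE-2008-3909) queues an unauthenticated POST and replays it once the user logs in, and the Drupal entry (CVE-2008-3743) validates tokens improperly for cached forms. The code below is an added illustration of that bug class and of the fix, not code from Django or Drupal: the vulnerable path stores and replays the request with no token check, the hardened path drops any state-changing POST that lacks an authenticated session and a token bound to both that session and the specific form. The session dicts, form ids and signing key are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Per-deployment signing key; generated here only so the example runs stand-alone.
CSRF_KEY = secrets.token_bytes(32)


def csrf_token(session_id, form_id):
    """Token bound to both the session and the specific form, so a token lifted
    from another session (or from a cached copy of the form) is useless here."""
    msg = ("%s:%s" % (session_id, form_id)).encode()
    return hmac.new(CSRF_KEY, msg, hashlib.sha256).hexdigest()


def csrf_valid(session_id, form_id, presented):
    if not session_id or not presented:
        return False
    return hmac.compare_digest(csrf_token(session_id, form_id), presented)


def handle_post_vulnerable(session, form_id, fields, stash):
    """Bug pattern: an unauthenticated POST is remembered and replayed after
    the login that follows, with no token check at replay time. A forged
    cross-site POST therefore executes as soon as the admin logs in."""
    if session["user"] is None:
        stash[session["id"]] = (form_id, fields)
        return "deferred"
    return "processed"


def complete_login_vulnerable(session, user, stash):
    """Login handler that drains the stash: the attacker's request runs here."""
    session["user"] = user
    pending = stash.pop(session["id"], None)
    return "replayed %s" % pending[0] if pending else "nothing pending"


def handle_post_hardened(session, form_id, fields):
    """Fixed: a state-changing POST without an authenticated session is
    dropped, never queued, and the token must match this session and form."""
    if session["user"] is None:
        return "rejected"
    if not csrf_valid(session["id"], form_id, fields.get("csrf_token")):
        return "rejected"
    return "processed"


if __name__ == "__main__":
    # Constructed scenario: attacker-forged POST arrives before the admin logs in.
    stash = {}
    victim = {"id": "sid1", "user": None}
    print(handle_post_vulnerable(victim, "delete_user", {"uid": "7"}, stash))
    print(complete_login_vulnerable(victim, "admin", stash))
    print(handle_post_hardened({"id": "sid2", "user": None}, "delete_user", {"uid": "7"}))
```

Binding the token to the form id is what closes the cached-form case: a token captured from one cached page cannot be presented against a different form, and a token from a different session fails outright.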
  • 5.8

    MEDIUM
    CVE-2019-2773

    Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker wit...

    Affected Products : payments
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2008-4325

    lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inc...

    Affected Products : viewvc
    • Published: Sep. 30, 2008
    • Modified: Apr. 09, 2025
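The ViewVC entry is a reflected response-header bug: the client chooses the Content-Type, so a repository file that should be served as plain text can be served as text/html and its script runs in the site's origin. The description is cut off above and the snippet below does not try to complete it; it is an added example, not ViewVC's code, showing the bug pattern beside the fix a practitioner would apply: allowlist the media type, fall back to a safe default, and set X-Content-Type-Options so the browser does not sniff its way back to HTML. The parameter name and the allowed set are assumptions for the example.

```python
from urllib.parse import parse_qs

# Types this endpoint is allowed to serve. Anything else falls back to a safe default.
ALLOWED_CONTENT_TYPES = {"text/plain", "application/octet-stream"}
DEFAULT_CONTENT_TYPE = "text/plain"


def vulnerable_headers(query_string):
    """The bug pattern: whatever the client put in ?content-type= becomes the
    response header, so text/html turns a repository file into a page whose
    script runs in the site's origin."""
    params = parse_qs(query_string)
    ctype = params.get("content-type", [DEFAULT_CONTENT_TYPE])[0]
    return {"Content-Type": ctype}


def hardened_headers(query_string):
    """Allowlist the requested media type and tell the browser not to sniff."""
    params = parse_qs(query_string)
    requested = params.get("content-type", [DEFAULT_CONTENT_TYPE])[0]
    # Compare only the media type, so "text/plain; charset=evil" cannot slip
    # extra parameters into the header either.
    media_type = requested.split(";", 1)[0].strip().lower()
    ctype = media_type if media_type in ALLOWED_CONTENT_TYPES else DEFAULT_CONTENT_TYPE
    return {
        "Content-Type": ctype,
        # Stops MIME sniffing, so an allowed text/plain is not upgraded to HTML.
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed query strings, including the attacker's choice of text/html.
    for qs in ("", "content-type=text/html", "content-type=application/octet-stream"):
        print(repr(qs), vulnerable_headers(qs), hardened_headers(qs))
```

Note that parse_qs decodes percent-escapes, so in the vulnerable version a value containing %0d%0a reaches the header layer with a CRLF in it; the allowlist removes that path as well, because no attacker-controlled string is ever written into the header.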
  • 5.8

    MEDIUM
    CVE-2020-10687

    A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attac...

    • Published: Sep. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2012-0146

    Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnera...

    Affected Products : forefront_unified_access_gateway
    • Published: Apr. 10, 2012
    • Modified: Apr. 11, 2025
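Three entries in this feed are the same class of bug: the CREATE SD app (CVE-2019-5955), Revive Adserver's account-switch.php (CVE-2019-5433) and Forefront UAG (CVE-2012-0146) each take a destination from the request and send the user there, so a crafted link lands on an attacker's phishing page with the trusted site's name in the referring link. The validator below is an added example, not code from any of those products, of a redirect-target check that tolerates the parsing tricks a naive "does it start with /" test misses: backslashes, protocol-relative URLs, scheme-without-authority forms and userinfo. The allowed hosts and the sample targets are constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit


def safe_redirect_target(target, allowed_hosts, default="/"):
    """Return target if it is a same-site path or an http(s) URL to an
    allowlisted host; otherwise return default. Assumes the caller passes the
    raw value of the redirect parameter and a set of lowercase hostnames."""
    if not target or any(c in target for c in "\t\r\n\x00"):
        return default
    # Browsers treat a backslash like a slash, urlsplit does not, so "/\\evil"
    # would parse here as a path but open in the browser as a host. Normalise.
    candidate = target.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    host = (parts.hostname or "").lower()

    if parts.scheme or parts.netloc or candidate.startswith("//"):
        # Absolute or protocol-relative. "javascript:" and friends fail the
        # scheme test; "http:evil.example" and "///evil.example" have no host
        # for urlsplit but do for a browser, so they fail the host test.
        if parts.scheme not in ("http", "https") or host not in allowed_hosts:
            return default
        return urlunsplit(parts)

    # Relative: insist on a leading slash so it stays on this origin.
    if not parts.path.startswith("/"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed targets an attacker might place in a ?next= parameter.
    allowed = {"app.example"}
    for t in ("/account?tab=1", "https://app.example/home", "//evil.example/",
              "/\\evil.example", "///evil.example", "javascript:alert(1)",
              "https://app.example@evil.example/", "http:evil.example"):
        print(repr(t), "->", safe_redirect_target(t, allowed))
```

Where the application never needs off-site redirects, drop the absolute-URL branch entirely and accept only the relative form; the smaller the accepted grammar, the fewer parser differences there are to reason about.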
  • 5.8

    MEDIUM
    CVE-2019-25076

    The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet class...

    Affected Products : openvswitch
    • Published: Sep. 08, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2024-52529

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a sp...

    Affected Products : cilium
    • Published: Nov. 25, 2024
    • Modified: Sep. 03, 2025
  • 5.8

    MEDIUM
    CVE-2008-3222

    Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors....

    Affected Products : fedora drupal
    • Published: Jul. 18, 2008
    • Modified: Apr. 09, 2025
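The Drupal entry above (and, more vaguely, the Joruri Mail entry, CVE-2019-5966, earlier in this list) is about session handling around login. Session fixation works when the identifier a browser presented before authentication is still valid after it: an attacker who got that identifier into the victim's browser then holds an authenticated session. The store below is an added example, constructed for this page and not Drupal's or Joruri Mail's code, contrasting a login that keeps the client-supplied id with one that mints a fresh id on every privilege change and invalidates the old one. The session store is in memory and the ids in the usage are constructed.

```python
import secrets


class SessionStore:
    """In-memory session store for the example. Sessions are dicts keyed by
    the id the client presents in its cookie."""

    def __init__(self):
        self._sessions = {}

    def get(self, sid):
        return self._sessions.get(sid)

    def login_fixable(self, sid, user):
        """Vulnerable: authenticates whatever id the client presented, even one
        the server never issued. If an attacker got the victim's browser to
        present a known sid, the attacker now holds an authenticated session."""
        session = self._sessions.setdefault(sid, {"user": None})
        session["user"] = user
        return sid

    def login_safe(self, sid, user):
        """Fixed: a privilege change always mints a fresh, unguessable id and the
        pre-login id stops working, so a planted id buys the attacker nothing.
        Harmless pre-login state (a language choice, say) is carried across."""
        pre_login = self._sessions.pop(sid, None) or {}
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {**pre_login, "user": user}
        return new_sid


if __name__ == "__main__":
    planted = "id-chosen-by-attacker"     # constructed: the fixed identifier
    store = SessionStore()
    print(store.login_fixable(planted, "victim"), store.get(planted))
    store = SessionStore()
    fresh = store.login_safe(planted, "victim")
    print(fresh != planted, store.get(planted), store.get(fresh))
```

The same rotation belongs on logout and on any step-up (password change, role change); the Drupal wording about modules that end the request during login is a reminder that the rotation has to happen before any code path can return early.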
  • 5.8

    MEDIUM
    CVE-2006-1008

    Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is poss...

    Affected Products : n8cms_sitesuite_cms
    • Published: Mar. 06, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2018-11002

    Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions....

    • Published: Nov. 29, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-6803

    A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.12, 3.9.7, 3.10.4,...

    Affected Products : enterprise_server
    • Published: Dec. 21, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results