Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2022-31175

    CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages in versions prior to 35.0.1. The vulnerability allowed JavaScript code to be triggered after fulfilling speci...

    • Published: Aug. 03, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2022-25896

    This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed....

    Affected Products : passport
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-14410

    SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file....

    • Published: Jan. 19, 2021
    • Modified: Mar. 20, 2025
  • 5.8

    MEDIUM
    CVE-2022-23115

    Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allow attackers with Overall/Read access to retrieve logs, build or delete a batch task....

    Affected Products : batch_task
    • Published: Jan. 12, 2022
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-32468

    Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data. ...

    Affected Products : ecs_streamer
    • Published: Jul. 26, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2004-2763

    The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are ...

    Affected Products : one_web_server iplanet_web_server
    • Published: Jun. 01, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2023-32264

    CWE-1385 vulnerability in OpenText Documentum D2 affecting versions 16.5.1 to CE 23.2. The vulnerability could allow uploading arbitrary code and executing it on the client's computer. ...

    • Published: Mar. 08, 2024
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2004-2649

    Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as "&#32") in the middle of the URL....

    Affected Products : eudora
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2004-2563

    Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template...

    Affected Products : serena_teamtrack
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2021-34753

    A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. This vulnerability ...

    • Published: Nov. 15, 2024
    • Modified: Aug. 07, 2025
  • 5.8

    MEDIUM
    CVE-2021-33663

    SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to...

    Affected Products : netweaver_application_server_abap
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-5217

    In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected...

    Affected Products : secure_headers
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-3564

    A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffe...

    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-2568

    Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with l...

    Affected Products : applications_dba database
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-24444

    AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM 6.4 Service Pack 8 Cumulative Fix Pack 2 (6.4.8.2) have a blind Server-Side Request Forgery (SSRF) vulnerability. This vulnerability could be exploited by an unauthenticated attacker to...

    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-10577

    An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions....

    Affected Products : janus
    • Published: Mar. 14, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2018-2635

    Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Login). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability allows unauth...

    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-5531

    VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information discl...

    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2023-20270

    A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured pol...

    Affected Products : firepower_threat_defense
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-2783

    Vulnerability in the Oracle Payments component of Oracle E-Business Suite (subcomponent: File Transmission). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker wit...

    Affected Products : payments
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results