Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2019-1982

    A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filteri... Read more

    • Published: Nov. 05, 2019
    • Modified: Nov. 26, 2024

  • 5.8

    MEDIUM
    CVE-2019-16781

    In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admin opening the affected post in the editor leading to XSS... Read more

    Affected Products : debian_linux wordpress
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2004-1101

    mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via a... Read more

    Affected Products : mailpost
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2019-15971

    A vulnerability in the MP3 detection engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper validat... Read more

    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2019-0817

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.... Read more

    Affected Products : exchange_server
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2018-8247

    An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Onl... Read more

    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2018-8153

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.... Read more

    Affected Products : exchange_server
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2018-8008

    Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7... Read more

    Affected Products : storm
    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2025-8716

    In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Misconfiguration

  • 5.8

    MEDIUM
    CVE-2023-22662

    Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some Intel(R) Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2017-12353

    A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerabil... Read more

    Affected Products : asyncos
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-10400

    Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker w... Read more

    Affected Products : glassfish_server
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-10063

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated a... Read more

    Affected Products : weblogic_server
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2025-36756

    A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 5.8

    MEDIUM
    CVE-2018-20576

    Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem... Read more

    • Published: Dec. 28, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2016-4604

    Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.... Read more

    Affected Products : iphone_os safari
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2016-1730

    WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.... Read more

    Affected Products : iphone_os
    • Published: Feb. 01, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-7823

    Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.... Read more

    Affected Products : kentico kentico_cms
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-3963

    Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TC... Read more

    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2020-8226

    A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.... Read more

    Affected Products : phpbb
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results