Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2024-6647

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Croogo up to 4.0.7. This affects an unknown part of the file admin/settings/settings/prefix/Theme of the component Setting Handler. The manipulation of the argument C... Read more

    Affected Products : croogo
    • Published: Jul. 10, 2024
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2019-11767

    Server side request forgery (SSRF) in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function.... Read more

    Affected Products : phpbb
    • Published: May. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2018-1999020

    Open Networking Foundation (ONF) ONOS version 1.13.2 and earlier version contains a Directory Traversal vulnerability in core/common/src/main/java/org/onosproject/common/app/ApplicationArchive.java line 35 that can result in arbitrary file deletion (overw... Read more

    Affected Products : onos
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2014-4336

    The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an inco... Read more

    Affected Products : cups-filters
    • Published: Jun. 22, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-2900

    wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.... Read more

    Affected Products : cyassl
    • Published: Apr. 22, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-1985

    Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks ... Read more

    Affected Products : redmine
    • Published: Apr. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-1651

    SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : web_gateway
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-1273

    dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.... Read more

    Affected Products : iphone_os tvos
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2018-17828

    Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file.... Read more

    Affected Products : zziplib zziplib
    • Published: Oct. 01, 2018
    • Modified: Jul. 10, 2025

  • 5.8

    MEDIUM
    CVE-2013-6802

    Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.... Read more

    Affected Products : chrome
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2013-6722

    Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors.... Read more

    Affected Products : websphere_portal
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2013-6077

    Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.... Read more

    Affected Products : xendesktop
    • Published: Nov. 05, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2003-0160

    Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.... Read more

    Affected Products : squirrelmail linux
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2013-5189

    Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unint... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2013-4955

    Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.... Read more

    Affected Products : puppet_enterprise
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2013-4673

    The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 does not properly implement RADIUS authentication, which allows remote attackers to execute arbitrary code by leveraging access to the login prompt.... Read more

    • Published: Aug. 01, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2024-7625

    In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the ... Read more

    Affected Products : nomad
    • Published: Aug. 15, 2024
    • Modified: Sep. 25, 2024

  • 5.8

    MEDIUM
    CVE-2013-2044

    Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2022-36112

    GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subjec... Read more

    Affected Products : glpi
    • Published: Sep. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2012-5647

    Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.... Read more

    Affected Products : openshift openshift_origin
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294848 Results