Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2024-47117

    IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea... Read more

    Affected Products : carbon_charts
    • Published: Dec. 10, 2024
    • Modified: Aug. 15, 2025

  • 5.4

    MEDIUM
    CVE-2025-55203

    Plane is open-source project management software. Prior to version 0.28.0, a stored cross-site scripting (XSS) vulnerability exists in the description_html field of Plane. This flaw allows an attacker to inject malicious JavaScript code that is stored and... Read more

    Affected Products : plane
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2024-25041

    IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Ass... Read more

    Affected Products : cognos_analytics
    • Published: Jun. 28, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-53631

    flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post... Read more

    Affected Products : flaskblog
    • Published: Aug. 14, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 5.4

    MEDIUM
    CVE-2014-6767

    The Juggle! FREE (aka com.jakyl.juggleforfree) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : juggle\!_free
    • EPSS Score: %0.04
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2004-2527

    The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Win... Read more

    Affected Products : windows_2003_server windows_xp
    • EPSS Score: %1.00
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2005-3899

    The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory duri... Read more

    Affected Products : talk
    • EPSS Score: %1.15
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2005-3887

    Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".... Read more

    Affected Products : gadu-gadu_instant_messenger
    • EPSS Score: %1.41
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2006-3351

    Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL a... Read more

    Affected Products : windows_2003_server windows_xp
    • EPSS Score: %25.50
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2006-4139

    Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.... Read more

    Affected Products : solaris
    • EPSS Score: %0.76
    • Published: Aug. 14, 2006
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2006-5179

    Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra ti... Read more

    Affected Products : igateway_ssl-vpn igateway_vpn
    • EPSS Score: %0.33
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2006-6896

    The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations.... Read more

    Affected Products : headset
    • EPSS Score: %0.31
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2007-0661

    Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 2007011... Read more

    • EPSS Score: %0.36
    • Published: Feb. 01, 2007
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-27070

    A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.... Read more

    Affected Products : openplatform
    • EPSS Score: %0.09
    • Published: Mar. 14, 2023
    • Modified: Feb. 27, 2025

  • 5.4

    MEDIUM
    CVE-2014-7491

    The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : short_stories
    • EPSS Score: %0.04
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2009-2458

    Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors.... Read more

    Affected Products : sun_fire_server
    • EPSS Score: %0.69
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2009-5098

    The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating... Read more

    Affected Products : palm_pre_webos
    • EPSS Score: %19.82
    • Published: Sep. 13, 2011
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-4669

    FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with... Read more

    • EPSS Score: %0.13
    • Published: Jun. 25, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2012-4094

    Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug... Read more

    Affected Products : unified_computing_system
    • EPSS Score: %0.84
    • Published: Sep. 24, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-21101

    Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : screenly
    • EPSS Score: %0.25
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results