Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-7695

    The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : easaa_baoneng
    • EPSS Score: %0.04
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5904

    The MiniInTheBox Online Shopping (aka com.miniinthebox.android) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer... Read more

    Affected Products : miniinthebox_online_shopping
    • EPSS Score: %0.04
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-40748

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    • EPSS Score: %0.14
    • Published: Sep. 23, 2022
    • Modified: May. 22, 2025

  • 5.4

    MEDIUM
    CVE-2014-5910

    The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat... Read more

    Affected Products : dog_whistle
    • EPSS Score: %0.04
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5911

    The Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer... Read more

    Affected Products : free_app_icons_\&_icon_packs
    • EPSS Score: %0.04
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5915

    The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif... Read more

    Affected Products : tigo_copa_mundial_fifa_2014
    • EPSS Score: %0.04
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5920

    The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : vk_amberfog
    • EPSS Score: %0.04
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5945

    The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : edline_mobile
    • EPSS Score: %0.04
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5951

    The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : sinopac
    • EPSS Score: %0.04
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5964

    The MegaBank (aka com.megabank.mobilebank) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : megabank
    • EPSS Score: %0.04
    • Published: Sep. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-33231

    Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 5.4

    MEDIUM
    CVE-2014-5966

    The Dreamland Super Theme GO Gold (aka com.gau.go.launcherex.viptheme.dreamland.gold) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... Read more

    Affected Products : dreamland_super_theme_go_gold
    • EPSS Score: %0.04
    • Published: Sep. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5973

    The Aquarium Advice (aka com.socialknowledge.aquariumadvice) application 3.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif... Read more

    Affected Products : aquarium_advice
    • EPSS Score: %0.04
    • Published: Sep. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5975

    The eponyms (aka com.anddeveloper.eponyms) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : eponyms
    • EPSS Score: %0.04
    • Published: Sep. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-33588

    Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1. ... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-28795

    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ... Read more

    Affected Products : infosphere_information_server
    • Published: Jun. 30, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-26490

    A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.... Read more

    Affected Products : flusity
    • Published: Feb. 22, 2024
    • Modified: Mar. 25, 2025

  • 5.4

    MEDIUM
    CVE-2024-56234

    Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through 2.1.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 5.4

    MEDIUM
    CVE-2024-28965

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, ... Read more

    Affected Products : secure_connect_gateway
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-2997

    A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/Brand Na... Read more

    • Published: Mar. 27, 2024
    • Modified: Jun. 12, 2025
Showing 20 of 291368 Results