Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-48642

    Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. Whe... Read more

    Affected Products : archer
    • EPSS Score: %0.21
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-21845

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). The supported version that is affected is 8.60. Easily exploitable vulnerability allows low privileged attacker with network access via HTT... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.22
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-5580

    The BackgroundCheckProTool (aka com.BackgroundCheckProTool) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifica... Read more

    Affected Products : backgroundcheckprotool
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5723

    The Trapster (aka com.trapster.android) application 4.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : trapster
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6639

    The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information ... Read more

    Affected Products : tio_mobilepay_-_bill_payments
    • EPSS Score: %0.04
    • Published: Sep. 22, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6939

    The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c... Read more

    Affected Products : sketch_w_friends_free_-tablets
    • EPSS Score: %0.04
    • Published: Oct. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7002

    The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ce... Read more

    Affected Products : sopexa_pavillon_france
    • EPSS Score: %0.04
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7086

    The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : killer_screen_lock
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6933

    The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat... Read more

    Affected Products : toraware_takojyou
    • EPSS Score: %0.04
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7360

    The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : how_to_boil_eggs
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7078

    The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : payoneer_sign_up
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-15020

    An issue was discovered in the Elementor plugin through 2.9.13 for WordPress. An authenticated attacker can achieve stored XSS via the Name Your Template field.... Read more

    Affected Products : website_builder
    • EPSS Score: %0.15
    • Published: Aug. 31, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-15029

    NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.... Read more

    Affected Products : nedi
    • EPSS Score: %0.34
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7089

    The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : competition_information
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7439

    The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : bene\+_odmeny_a_slevy
    • EPSS Score: %0.04
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-15105

    Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authent... Read more

    Affected Products : django_two-factor_authentication
    • EPSS Score: %0.16
    • Published: Jul. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-15035

    NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter.... Read more

    Affected Products : nedi
    • EPSS Score: %0.34
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-47313

    Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. The application uses an API call to move the uploaded temporary file to the file directory during the file upload process. This API call receives two input parameters, such as path and lo... Read more

    Affected Products : headwind_mdm
    • EPSS Score: %0.13
    • Published: Nov. 22, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5598

    Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code.... Read more

    • EPSS Score: %0.18
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-5610

    The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect... Read more

    • EPSS Score: %0.08
    • Published: Nov. 20, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291618 Results