Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-5817

    The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : mini_pets
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5867

    The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0.9.81 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificat... Read more

    Affected Products : capital_one_spark
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-6693

    The Juiker (aka org.itri) application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : juiker
    • Published: Sep. 24, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-31861

    Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs.... Read more

    Affected Products : thingsboard
    • Published: Sep. 13, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-6894

    The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : lucktastic
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7038

    The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : al_jazeera
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7047

    The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : ocean_avenue_mobile_pro
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7043

    The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : cadpage
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7134

    The PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : prof._usman_ali_awheela
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7359

    The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : mapa_da_mina
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7443

    The Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... Read more

    Affected Products : face_fun_photo_collage_maker_2
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-7611

    The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi... Read more

    Affected Products : lost_temple
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2010-3669

    TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-39097

    WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.... Read more

    Affected Products : webboss.io_cms
    • Published: Aug. 03, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-16342

    ShowDoc v1.8.0 has XSS via a new page.... Read more

    Affected Products : showdoc
    • Published: Sep. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-42362

    An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.... Read more

    Affected Products : teller
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2023-41161

    Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and... Read more

    Affected Products : usermin
    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-17993

    Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.... Read more

    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2015-7414

    Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users t... Read more

    Affected Products : infosphere_master_data_management
    • Published: Jan. 17, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2022-4658

    The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.... Read more

    Affected Products : rssimport
    • Published: Jan. 16, 2023
    • Modified: Apr. 04, 2025
Showing 20 of 293507 Results