Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2024-29232

    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database contain...

    • Published: Mar. 28, 2024
    • Modified: Aug. 04, 2025
  • 5.4

    MEDIUM
    CVE-2014-4452

    WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4...

    Affected Products : itunes iphone_os tvos safari
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2014-4428

    Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing....

    Affected Products : mac_os_x
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2020-36139

    BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnerability by inserting a XSS payload within the 'fileurl' parameter....

    Affected Products : bloofoxcms
    • Published: Jun. 04, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-36115

    Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD Operation with PHP, MySQL, Bootstrap, and Dompdf via First Name or Last Name parameter in the 'Add New Record Feature'....

    Affected Products : windows phpcrud
    • Published: Jan. 28, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-29133

    Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue....

    Affected Products : fedora commons_configuration
    • Published: Mar. 21, 2024
    • Modified: May. 01, 2025
  • 5.4

    MEDIUM
    CVE-2020-36056

    Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option....

    Affected Products : 777vr1_firmware 777vr1
    • Published: Jan. 31, 2022
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35987

    A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter....

    Affected Products : rukovoditel
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35985

    A stored cross site scripting (XSS) vulnerability in the 'Global Lists' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter....

    Affected Products : rukovoditel
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35946

    An issue was discovered in the All in One SEO Pack plugin before 3.6.2 for WordPress. The SEO Description and Title fields are vulnerable to unsanitized input from a Contributor, leading to stored XSS....

    Affected Products : all_in_one_seo_pack
    • Published: Jan. 01, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35930

    Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url parameter, as demonstrated by the seo/seopanel/websites.php URI....

    Affected Products : seo_panel
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-0468

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to ...

    • Published: Apr. 21, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2014-3887

    Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incompl...

    Affected Products : rockdisk_firmware rockdisk
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2014-3822

    Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices, allows remote attackers to cause a denial of service (flowd cra...

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +3 more products
    • Published: Jul. 11, 2014
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2014-3827

    Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in the (1) edit or (2) add action in the user-users module o...

    Affected Products : mybb
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-28967

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerabil...

    Affected Products : secure_connect_gateway
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35748

    Cross-site scripting (XSS) vulnerability in models/list-table.php in the FV Flowplayer Video Player plugin before 7.4.37.727 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the fv_wp_fvvideoplayer_src JSON field ...

    Affected Products : fv_flowplayer_video_player
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-35705

    Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen....

    Affected Products : daybyday
    • Published: Dec. 25, 2020
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2024-28966

    Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, ...

    Affected Products : secure_connect_gateway
    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2020-17006

    Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability...

    Affected Products : dynamics_crm_2015
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024