Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4597

    Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook.... Read more

    Affected Products : ipei_guestbook
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4555

    Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTI... Read more

    Affected Products : dev_web_management_system
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-9031

    In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2012-1449

    The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMajor field. NOTE: this may later be SPLIT into multiple CVEs if additional information is pu... Read more

    Affected Products : nod32_antivirus rising_antivirus
    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3576

    Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9 characters, and the (2) javascript: handler for scheme nam... Read more

    Affected Products : internet_explorer
    • Published: Jul. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4136

    Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.... Read more

    Affected Products : drzes_hms
    • Published: Dec. 09, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4057

    Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters.... Read more

    Affected Products : pluggedout_nexus
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3109

    Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 before 3.3(5)SR3, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3), and 4.3 before 4.3(1), allows remote attackers to inject arbitrary web script or HTML via the (1) pattern parameter in ccmadmin/ph... Read more

    Affected Products : call_manager
    • Published: Jun. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3103

    Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error parameter in users/login.php and the (2) feedback parameter in articles/index.php.... Read more

    Affected Products : bitweaver
    • Published: Jun. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-4579

    IBM Resilient SOAR 38 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 167236.... Read more

    • Published: Aug. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4400

    IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on... Read more

    Affected Products : cloud_orchestrator
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4171

    IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407.... Read more

    Affected Products : security_guardium_insights
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-25026

    The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control.... Read more

    Affected Products : event_management_and_registration
    • Published: Sep. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-18365

    In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages.... Read more

    Affected Products : teamcity
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-12618

    The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2020-6327

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-15731

    An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefe... Read more

    Affected Products : engines
    • Published: Sep. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-15595

    An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP r... Read more

    • Published: Sep. 30, 2020
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2019-16251

    plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.... Read more

    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-25774

    A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to... Read more

    Affected Products : windows apex_one
    • Published: Sep. 29, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294330 Results