Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-25749

    Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. <br>*This bug ... Read more

    Affected Products : firefox
    • Published: Jun. 02, 2023
    • Modified: Jan. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-24431

    A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : orka_by_macstadium
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 4.3

    MEDIUM
    CVE-2025-59034

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin... Read more

    Affected Products : indico
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2013-7343

    Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnera... Read more

    Affected Products : flowplayer_html5
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-13001

    An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypa... Read more

    Affected Products : gitlab
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10732

    In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart em... Read more

    Affected Products : debian_linux kmail
    • Published: Apr. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-0620

    Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.... Read more

    Affected Products : vbulletin
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-26434

    When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavaila... Read more

    • Published: Jun. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-15733

    An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.... Read more

    Affected Products : gitlab
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3374

    Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.... Read more

    Affected Products : unified_communications_manager
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-1579

    Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addres... Read more

    Affected Products : windows one_web_server
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-25031

    Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to ... Read more

    Affected Products : swagger_ui
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-1585

    Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.... Read more

    Affected Products : weblog_expert
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-10159

    cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.... Read more

    Affected Products : cloudforms cfme-gemset
    • Published: Jun. 14, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-1586

    Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.... Read more

    Affected Products : webexpert
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-21255

    An issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-24449

    Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins... Read more

    Affected Products : pwauth_security_realm
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 4.3

    MEDIUM
    CVE-2023-24455

    Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins contro... Read more

    Affected Products : visual_expert
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 4.3

    MEDIUM
    CVE-2023-26433

    When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavaila... Read more

    • Published: Jun. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1692

    Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.... Read more

    Affected Products : mambo_open_source
    • Published: Sep. 18, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 294125 Results