Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-25687

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1730

    Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php... Read more

    Affected Products : mantis
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-4470

    A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6.... Read more

    Affected Products : mac_os_x
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-5833

    Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.... Read more

    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-1413

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles extension requests and fails to request host permission for all_urls, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.... Read more

    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1735

    Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.... Read more

    Affected Products : sympa
    • Published: Aug. 21, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-3222

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at... Read more

    Affected Products : ios_xe ios_xe
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-29064

    The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21184

    Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-0314

    Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter.... Read more

    Affected Products : webzedit
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-30427

    A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexp... Read more

    Affected Products : macos iphone_os tvos safari ipados visionos
    • Published: Mar. 31, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2023-29065

    The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-3182

    A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnera... Read more

    Affected Products : webex_meetings
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-35603

    Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to ex... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-29046

    Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the co... Read more

    Affected Products : open-xchange_appsuite
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-0322

    Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php... Read more

    Affected Products : xmb
    • Published: Feb. 23, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-2182

    Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e., replace with asterisks) secrets containing a `$` character in some circumstances.... Read more

    Affected Products : credentials_binding
    • Published: May. 06, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1747

    Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.... Read more

    Affected Products : nr041
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1863

    Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2... Read more

    Affected Products : xmb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-3412

    A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization. The vulnerability is due to ins... Read more

    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results