Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-0173

    The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions o... Read more

    Affected Products : websphere_mq_internet_pass_thru
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-47233

    The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real w... Read more

    Affected Products : linux_kernel
    • Published: Nov. 03, 2023
    • Modified: Mar. 06, 2025

  • 4.3

    MEDIUM
    CVE-2023-22931

    In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-7335

    Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : dotnetnuke
    • Published: Mar. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-32102

    Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clark Crony Cronjob Manager.This issue affects Crony Cronjob Manager: from n/a through 0.5.0. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9036

    Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a ... Read more

    Affected Products : debian_linux wordpress
    • Published: Nov. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-44082

    In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthori... Read more

    Affected Products :
    • Published: Sep. 06, 2024
    • Modified: Nov. 07, 2024

  • 4.3

    MEDIUM
    CVE-2014-9032

    Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wordpress
    • Published: Nov. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9031

    Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field... Read more

    Affected Products : wordpress
    • Published: Nov. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9014

    Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.... Read more

    Affected Products : wpmarketplace
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0208

    The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA ... Read more

    Affected Products : openssl
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-4319

    IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and 9.1 CD could allow under special circumstances, an authenticated user to obtain sensitive information due to a data leak from an error message within the pre-v7 pubsub logic. IBM X-For... Read more

    Affected Products : mq_appliance
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-2343

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with net... Read more

    Affected Products : workflow
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13724

    The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to unauthorized access to functionality in all versions up to, and including, 2.6.2. This makes it possible for un... Read more

    Affected Products : wallet_system_for_woocommerce
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2010-4483

    Google Chrome before 8.0.552.215 does not properly restrict read access to videos derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via a crafted web site.... Read more

    Affected Products : chrome
    • Published: Dec. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-41313

    Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The ... Read more

    Affected Products : jira_server jira_data_center
    • Published: Nov. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-0687

    Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.... Read more

    Affected Products : opera_browser
    • Published: Jan. 31, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-8736

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to o... Read more

    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2011-1102

    Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attac... Read more

    Affected Products : policy_manager
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-5314

    Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index.... Read more

    Affected Products : bedita bedita
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294436 Results