Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-5145

    Multiple buffer overflows in system DLL files in Microsoft Windows XP, as used by Microsoft Windows Explorer (explorer.exe) 6.00.2900.2180, Don Ho Notepad++, unspecified Adobe Macromedia applications, and other programs, allow user-assisted remote attacke... Read more

    Affected Products : windows_xp
    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2049

    The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3 error message.... Read more

    Affected Products : mail_server
    • Published: May. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-4569

    Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the VideoWhisper Live Streaming Integration plugin 4.27.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the room_name parameter.... Read more

    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-1001

    Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.... Read more

    Affected Products : windows_vista windows_xp safari
    • Published: Mar. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-10491

    CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-1616

    Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505.... Read more

    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-45369

    Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress.... Read more

    Affected Products : plugin_for_google_reviews
    • Published: Nov. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-30723

    Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.... Read more

    Affected Products : android dex
    • Published: Jun. 07, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32447

    Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team AWP Classifieds.This issue affects AWP Classifieds: from n/a through 4.3.1. ... Read more

    Affected Products : awp_classifieds
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6386

    Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : z1exchange
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-20376

    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.... Read more

    • Published: Oct. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-4804

    The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.... Read more

    Affected Products : android
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-3051

    The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which ... Read more

    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-33324

    The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the ... Read more

    • Published: Aug. 03, 2021
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2024-55994

    Missing Authorization vulnerability in 搜狐畅言 畅言评论系统 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 畅言评论系统: from n/a through 2.0.5.... Read more

    Affected Products :
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 4.3

    MEDIUM
    CVE-2008-7235

    Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04.... Read more

    Affected Products : e-business_suite application_server
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-42222

    In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised acces... Read more

    Affected Products : cloudstack
    • Published: Aug. 07, 2024
    • Modified: Mar. 14, 2025

  • 4.3

    MEDIUM
    CVE-2023-7019

    The LightStart – Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. ... Read more

    Affected Products : lightstart
    • Published: Jan. 11, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-22334

    IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant of which they should not have access. IBM X-Force ID: 219391.... Read more

    Affected Products : robotic_process_automation
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-3601

    The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor.... Read more

    Affected Products : simple_author_box
    • Published: Aug. 14, 2023
    • Modified: May. 05, 2025
Showing 20 of 294733 Results