Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-0162

    Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."... Read more

    • Actively Exploited
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-4011

    An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives.... Read more

    Affected Products : gitlab
    • Published: Jun. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-8579

    Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2024-39410

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changes on behalf of a user. ... Read more

    Affected Products : magento commerce magento
    • Published: Aug. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2016-1616

    The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.... Read more

    Affected Products : chrome
    • Published: Jan. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-2619

    Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37237

    Cross-Site Request Forgery (CSRF) vulnerability in FS-code FS Poster allows Cross Site Request Forgery.This issue affects FS Poster: from n/a through 6.5.8.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-8583

    Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more

    • Published: Aug. 07, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2016-3733

    The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber.... Read more

    Affected Products : moodle
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2024-37218

    Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Bu... Read more

    Affected Products : page_builder_sandwich
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2016-3732

    The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.... Read more

    Affected Products : moodle
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-2808

    Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter.... Read more

    Affected Products : gnats gnatsweb
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-2925

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP... Read more

    Affected Products : workflow
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-0472

    Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.... Read more

    Affected Products : my_little_guestbook
    • Published: Jan. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0195

    Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier,... Read more

    Affected Products : squirrelmail
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0699

    Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : qwikiwiki
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-2200

    Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 param... Read more

    Affected Products : maian_weblog
    • Published: May. 14, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1604

    Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : perlmailer
    • Published: Apr. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2103

    Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later allows remote attackers to inject arbitrary web script or HTML via the id parameter to the "Format for Printing" view or "Long Format" bug list.... Read more

    Affected Products : bugzilla
    • Published: May. 07, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2397

    Cross-site scripting (XSS) vulnerability in search-results.dot in dotCMS 1.x allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. NOTE: the provenance of this information is unknown; the details are obtained sole... Read more

    Affected Products : dotcms
    • Published: May. 21, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293926 Results