Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-0499

    Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrat... Read more

    • Published: May. 28, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-12723

    A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to a... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-25770

    libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.... Read more

    Affected Products : libming
    • Published: Feb. 26, 2024
    • Modified: Apr. 16, 2025

  • 4.3

    MEDIUM
    CVE-2010-1482

    Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.... Read more

    Affected Products : cms_made_simple
    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-31046

    TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authe... Read more

    Affected Products : typo3
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-48023

    Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change tick... Read more

    Affected Products : zammad
    • Published: Feb. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-6516

    Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC.... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-30526

    Cross-Site Request Forgery (CSRF) vulnerability in Easy Social Feed.This issue affects Easy Social Feed: from n/a through 6.5.6. ... Read more

    Affected Products : easy_social_feed
    • Published: Mar. 31, 2024
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-47871

    Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6.... Read more

    Affected Products : contact_form_to_any_api
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2006-3106

    Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo.... Read more

    Affected Products : phpmydesktop_arcade
    • Published: Jun. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-6034

    Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : achievo
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-4792

    The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft function in versions up to, and including, 2.3.1. This makes... Read more

    • Published: Sep. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0027

    An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, includin... Read more

    Affected Products : cortex_xsoar
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-43664

    PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has b... Read more

    Affected Products : prestashop
    • Published: Sep. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0362

    The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, a... Read more

    Affected Products : ios
    • Published: May. 02, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-8364

    Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.... Read more

    Affected Products : wordpress_spreadsheet_plugin
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-4334

    IBM Cognos Analytics 11.0 and 11.1 could reveal sensitive information to an authenticated user that could be used in future attacks against the system. IBM X-Force ID: 161271.... Read more

    Affected Products : cognos_analytics
    • Published: Nov. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8247

    Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-22164

    In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacke... Read more

    Affected Products : enterprise_security
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-4834

    IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XM... Read more

    Affected Products : websphere_commerce
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293973 Results