Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-41708

    Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly.... Read more

    Affected Products : messenger
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2009-1080

    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033.... Read more

    Affected Products : java_system_identity_manager
    • Published: Mar. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-1344

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6659

    Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : phorum
    • Published: Sep. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-43860

    IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this i... Read more

    Affected Products : i i
    • Published: Dec. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-43753

    A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.... Read more

    Affected Products : manager_server uyuni
    • Published: Nov. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-31478

    The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function.... Read more

    Affected Products : usertakeover
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6339

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cerberus FTP Server before 5.0.6.0 allow (1) remote attackers to inject arbitrary web script or HTML via a log entry that is not properly handled within the Log Man... Read more

    Affected Products : ftp_server cerberus_ftp_server
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-1236

    Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-43857

    IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log file... Read more

    Affected Products : i i
    • Published: Dec. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1334

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated at... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3903

    Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp in ManageEngine Netflow Analyzer 7.5 build 7500 allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) section parameters. NOTE: the provenance of this... Read more

    Affected Products : netflow_analyzer netflow_analyzer
    • Published: Nov. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-1955

    Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : easy_php_calendar
    • Published: Jul. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-1337

    The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attack... Read more

    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-42129

    An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the ... Read more

    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2022-48364

    The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user... Read more

    Affected Products : mastodon
    • Published: Mar. 06, 2023
    • Modified: Mar. 06, 2025

  • 4.3

    MEDIUM
    CVE-2022-41921

    Discourse is an open-source discussion platform. Prior to version 2.9.0.beta13, users can post chat messages of an unlimited length, which can cause a denial of service for other users when posting huge amounts of text. Users should upgrade to version 2.9... Read more

    Affected Products : discourse
    • Published: Nov. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-5331

    Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : aflax
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-6852

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Users can provide local file paths to the RSS reader; the response and error code give hints about whether the provided file exists or not. Attackers may discover specific system file... Read more

    Affected Products : open-xchange_appsuite
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-0393

    An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results.... Read more

    Affected Products : quality_management
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294733 Results