Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-8912

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.... Read more

    Affected Products : kenexa_lms_on_cloud
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-2907

    The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a craf... Read more

    Affected Products : wireshark
    • Published: Apr. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-21288

    CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries o... Read more

    Affected Products : carrierwave
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8328

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pr... Read more

    Affected Products : jdk jre
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-8344

    An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does n... Read more

    Affected Products : experion_process_knowledge_system
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2019-1563

    In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any... Read more

    Affected Products : openssl
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21467

    SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), ... Read more

    Affected Products : banking_services
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-8612

    Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.... Read more

    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21331

    The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used... Read more

    Affected Products : datadog-api-client-java
    • Published: Mar. 03, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-10105

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multipl... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4620

    The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-7570

    Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.... Read more

    Affected Products : drupal
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2313

    Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.... Read more

    Affected Products : jira jira_server windows
    • Published: Mar. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-7577

    An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the "FaceTime" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call tha... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2025-48259

    Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through 3.8.0.... Read more

    Affected Products : wp_mapa_politico_espana
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31529

    Missing Authorization vulnerability in Rashid Slider Path for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Path for Elementor: from n/a through 3.0.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-5928

    The WP Sliding Login/Dashboard Panel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the wp_sliding_panel_user_options() function. This m... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-55006

    Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScri... Read more

    Affected Products : frappe_lms
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2025-5933

    The RD Contacto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the rdWappUpdateData() function. This makes it possible for unauthenticated... Read more

    Affected Products :
    • Published: Jul. 04, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31239

    A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may ... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: May. 12, 2025
    • Modified: Aug. 21, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 294182 Results