Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-0430

    Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0506

    Unspecified vulnerability in the Oracle Retail Order Management System Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, 5.0, and 15.0 allows remote attackers to affect confidentiality via unknown vectors related to Order Entry.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0497

    Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Web Client.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0464

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console.... Read more

    Affected Products : weblogic_server fusion_middleware
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37450

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2016-0463

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality via unknown vectors related to Portal.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0508

    Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Administration.... Read more

    Affected Products : ilearning
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-1588

    Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.... Read more

    Affected Products : iphone_os safari iphone ipod_touch
    • Published: Jul. 14, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-37440

    Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.... Read more

    Affected Products :
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2024-37540

    Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through 4.21.2.... Read more

    Affected Products : leaky_paywall
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2016-0429

    Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0401.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37421

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme JobScout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through 1.1.4.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2020-6570

    Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.... Read more

    • Published: Sep. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-15219

    Combodo iTop is a web based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, when a download error is triggered in the user portal, an SQL query is displayed to the user. This is fixed in versions 2.7.2 and 3.0.0.... Read more

    Affected Products : itop
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1743

    Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 before 2.1.1.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : captiva_einput
    • Published: Aug. 01, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1825

    Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: May. 05, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0073

    Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0009

    Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.... Read more

    Affected Products : rt request_tracker
    • Published: Jan. 25, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4634

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, rel... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 22, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1723

    Cross-site scripting (XSS) vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to projects/hg-helloworld/news/. NOTE: some of these details are obta... Read more

    Affected Products : redmine
    • Published: Apr. 19, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293633 Results