Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-4135

    The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : debian_linux openafs
    • Published: Nov. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3948

    connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.... Read more

    Affected Products : lighttpd
    • Published: Jul. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2686

    Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task.... Read more

    Affected Products : jetbox_cms
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7165

    IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-1825

    An issue has been discovered in GitLab EE affecting all versions starting from 15.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. It was possible to disclose issue notes to an unauthorized ... Read more

    Affected Products : gitlab
    • Published: Jun. 07, 2023
    • Modified: Mar. 20, 2025

  • 4.3

    MEDIUM
    CVE-2006-7164

    SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information ... Read more

    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-49969

    Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer.... Read more

    Affected Products : customer_support_system
    • Published: Mar. 05, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2007-4930

    Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 207W camera allow remote attackers to perform certain actions as administrators via (1) axis-cgi/admin/restart.cgi, (2) the user and sgrp parameters to axis-cgi/admin/pwdgrp.cgi in an ... Read more

    Affected Products : 207w_network_camera
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4929

    Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/image_incl.shtml, and other unspecified vectors.... Read more

    Affected Products : 207w_network_camera
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1606

    Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4)... Read more

    Affected Products : w-agora
    • Published: Mar. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-38477

    Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2013-3374

    Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, r... Read more

    Affected Products : rt request_tracker
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-3443

    An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential ... Read more

    Affected Products : gitlab
    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6121

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-1229

    Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-4904

    RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a... Read more

    Affected Products : realplayer helix_player
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1610

    Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.... Read more

    Affected Products : newsglue
    • Published: Mar. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4896

    Multiple cross-site scripting (XSS) vulnerabilities in admin/header.php in Toms Gaestebuch 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang[adminseite], (2) lang[ueberschrift], or (3) einst[metachar] paramete... Read more

    Affected Products : toms_gastenbuch
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-0921

    A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, sat... Read more

    Affected Products : gitlab
    • Published: Jun. 06, 2023
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2007-2720

    Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from t... Read more

    Affected Products : group_office group-office_groupware
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293635 Results