Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-38808

    In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an applica... Read more

    • Published: Aug. 20, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2016-0077

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37103

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Education Zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through 1.3.4.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2010-3709

    The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.... Read more

    Affected Products : ubuntu_linux php
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-27754

    In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIn... Read more

    Affected Products : debian_linux imagemagick
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37102

    Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2015-6374

    The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attac... Read more

    • Published: Nov. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-3493

    Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept functi... Read more

    Affected Products : python
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-6356

    Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.... Read more

    Affected Products : socialminer
    • Published: Nov. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0297

    IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques.... Read more

    Affected Products : bigfix_platform
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-7674

    The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisonin... Read more

    Affected Products : tomcat
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-2155

    Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a ... Read more

    Affected Products : zonecheck
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-0320

    IBM UrbanCode Deploy could allow an authenticated user to modify Ucd objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes.... Read more

    Affected Products : urbancode_deploy
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2019-13705

    Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.... Read more

    Affected Products : chrome backports
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-0308

    IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.... Read more

    Affected Products : connections
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-0594

    Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.... Read more

    Affected Products : leap mysql opensuse
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-2480

    Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to... Read more

    Affected Products : http_server
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8284

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for ... Read more

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-39691

    matrix-appservice-irc is a Node.js IRC bridge for the Matrix messaging protocol. The fix for GHSA-wm4w-7h2q-3pf7 / CVE-2024-32000 included in matrix-appservice-irc 2.0.0 relied on the Matrix homeserver-provided timestamp to determine whether a user has ac... Read more

    Affected Products : matrix_irc_bridge
    • Published: Jul. 05, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-10797

    cPanel before 58.0.4 allows WHM "Purchase and Install an SSL Certificate" page visitors to list all server domains (SEC-133).... Read more

    Affected Products : cpanel
    • Published: Aug. 06, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293646 Results