Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-4413

    The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthent... Read more

    Affected Products : process_steps_template_designer
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1397

    Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.... Read more

    Affected Products : usemodwiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-1468

    IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399.... Read more

    Affected Products : api_connect
    • Published: May. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1544

    Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.... Read more

    Affected Products : jspwiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-15733

    An issue was discovered in GitLab Community and Enterprise Edition 7.12 through 12.2.1. The specified default branch name could be exposed to unauthorized users.... Read more

    Affected Products : gitlab
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-27920

    Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the af... Read more

    • Published: May. 23, 2023
    • Modified: Jan. 31, 2025

  • 4.3

    MEDIUM
    CVE-2021-35603

    Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to ex... Read more

    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-13001

    An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypa... Read more

    Affected Products : gitlab
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-25749

    Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. <br>*This bug ... Read more

    Affected Products : firefox
    • Published: Jun. 02, 2023
    • Modified: Jan. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-25750

    Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.... Read more

    Affected Products : firefox
    • Published: Jun. 02, 2023
    • Modified: Jan. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-1444

    A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-25748

    By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This v... Read more

    Affected Products : firefox
    • Published: Jun. 02, 2023
    • Modified: Jan. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-0787

    Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields.... Read more

    Affected Products : openca
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0781

    Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.... Read more

    Affected Products : icecast
    • Published: Oct. 20, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-12434

    An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. Users could guess the URL slug of private projects through the contrast of the destination URLs of issues linked in comments. It allows Information Disclosure.... Read more

    Affected Products : gitlab
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-11586

    The AddResolution.jspa resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to create new resolutions via a Cross-site request forgery (CSRF) vulnerability.... Read more

    Affected Products : jira jira_server
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-11544

    An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal ... Read more

    Affected Products : gitlab
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-25687

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28360

    An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.... Read more

    Affected Products : brave
    • Published: May. 11, 2023
    • Modified: Jan. 27, 2025

  • 4.3

    MEDIUM
    CVE-2013-7343

    Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnera... Read more

    Affected Products : flowplayer_html5
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294848 Results