Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-1494

    The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demons... Read more

    Affected Products : fancybox fancybox
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9103

    Multiple cross-site scripting (XSS) vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) index value of an array parameter or the filename parameter in the Content-Dispo... Read more

    Affected Products : kunena
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1567

    Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote authenticated users with the "edit gd infinite scroll settings" permission to inject arbitrary web script or HTML via unspe... Read more

    Affected Products : gd_infinite_scroll
    • Published: Feb. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1571

    The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveragin... Read more

    Affected Products : fortios
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1646

    Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."... Read more

    Affected Products : xml_core_services
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1437

    Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) result_of_get_changed_status.asp or (2) error_page.htm.... Read more

    Affected Products : rt-n10\+d1_firmware rt-n10\+d1
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9143

    Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.... Read more

    Affected Products : td5130_router_firmware
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-20407

    The ConfigureBambooRelease resource in Jira Software and Jira Software Data Center before version 8.6.1 allows authenticated remote attackers to view release version information in projects that they do not have access to through an missing authorisation ... Read more

    • Published: Mar. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1431

    Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."... Read more

    Affected Products : phpbb
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1570

    The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.... Read more

    Affected Products : forticlient
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9094

    Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand param... Read more

    Affected Products : video_gallery
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-15670

    An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed b... Read more

    Affected Products : macos airmail
    • Published: Aug. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-36994

    There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.... Read more

    Affected Products : emui magic_ui
    • Published: Oct. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-41250

    Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by includ... Read more

    Affected Products : bot
    • Published: Nov. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1152

    IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.... Read more

    Affected Products : financial_transaction_manager
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-31293

    An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing ... Read more

    Affected Products : cash_point_\&_transport_optimizer
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-36660

    A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads ... Read more

    Affected Products : eve_ship_replacement_program
    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-47612

    Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update.... Read more

    Affected Products : participants_database
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1099

    IBM Jazz Foundation could expose potentially sensitive information to authenticated users through stack trace error conditions. IBM X-Force ID: 120659.... Read more

    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-1043

    A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack... Read more

    Affected Products : muyucms
    • Published: Feb. 26, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results