Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-7144

    OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remo... Read more

    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-1885

    Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "... Read more

    Affected Products : xerces-c\+\+
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-6101

    Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : business_process_manager
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-1030

    Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.... Read more

    Affected Products : wordpress_mu
    • Published: Mar. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-1563

    Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forg... Read more

    Affected Products : w-agora
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5856

    The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6619

    Multiple cross-site scripting (XSS) vulnerabilities in register-exec.php in Restaurant Script (PizzaInn_Project) 1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, or (3) login parameter.... Read more

    Affected Products : restaurant_script
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-4128

    Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of servic... Read more

    Affected Products : gnutls
    • Published: Dec. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-4032

    In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.... Read more

    • Published: Jun. 22, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5839

    Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.... Read more

    Affected Products : sunos solaris
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-6573

    Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 11.1.3 and 12.1.4 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-2908

    The Call Now Button WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : call_now_button
    • Published: Apr. 26, 2024
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2017-7148

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Location Framework" component. It allows attackers to obtain sensitive location information via a crafted app that reads the location variable.... Read more

    Affected Products : iphone_os
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-7203

    libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.... Read more

    Affected Products : libzmq zeromq
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-0839

    Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0763.... Read more

    Affected Products : edge windows_10
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5159

    WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-30143

    HCL AppScan Traffic Recorder fails to adequately neutralize special characters within the filename, potentially allowing it to resolve to a location beyond the restricted directory. Potential exploits can completely disrupt or takeover the application or ... Read more

    Affected Products :
    • Published: Mar. 13, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2014-6552

    Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-1135

    Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : simple_php_blog
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-7258

    Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : clip_board
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294344 Results