Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-5333

    RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to view unauthorized information.... Read more

    Affected Products : archer
    • Published: May. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-5833

    Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page.... Read more

    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2714

    The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with s... Read more

    Affected Products : groundhogg
    • Published: May. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-35557

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network acces... Read more

    Affected Products : database database_server
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-11054

    In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected w... Read more

    Affected Products : fedora qutebrowser
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2246

    Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.... Read more

    Affected Products : goollery
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-2189

    The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the toggle_widget function in versions up to, and including, 1.4.3. This makes it possible f... Read more

    Affected Products : stax
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20250

    A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.... Read more

    • Published: May. 13, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1930

    Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie.... Read more

    Affected Products : php-nuke
    • Published: Apr. 12, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-29431

    Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3.0.1.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2004-1960

    Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters.... Read more

    Affected Products : protector_system
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-4997

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitl... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1503

    Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.... Read more

    Affected Products : chrome
    • Published: Apr. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2004-2492

    Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.... Read more

    Affected Products : groupmax_world_wide_web_desktop
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-26932

    debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)... Read more

    Affected Products : debian_linux sympa
    • Published: Oct. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-32126

    Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1.... Read more

    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2004-2015

    Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.... Read more

    Affected Products : webct
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-28673

    A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : octoperf_load_testing
    • Published: Apr. 02, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2001

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead ... Read more

    Affected Products : gitlab
    • Published: Jun. 07, 2023
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2004-1827

    Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.... Read more

    Affected Products : yabb simple_machines_smf
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293951 Results