Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2025-9628

    The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settings_page function. This makes it possible for... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2018-20904

    cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-5245

    CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.... Read more

    Affected Products : ceph_storage ceph
    • Published: Dec. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-9631

    The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatset_ajax function. This makes it possible for unauthenticated a... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2015-0365

    Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-6769

    An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details th... Read more

    Affected Products :
    • Published: Sep. 12, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2016-8030

    A memory corruption vulnerability in Scriptscan COM Object in McAfee VirusScan Enterprise 8.8 Patch 8 and earlier allows remote attackers to create a Denial of Service on the active Internet Explorer tab via a crafted HTML link.... Read more

    Affected Products : virusscan_enterprise
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-1823

    Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitizat... Read more

    Affected Products : lync_server
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-1050

    All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could ... Read more

    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0380

    Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknow... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4899

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : glassfish_server fusion_middleware
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1808

    Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability."... Read more

    Affected Products : office
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-20937

    cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-4880

    Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4867.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4854

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon. NOTE: the previous inform... Read more

    Affected Products : e-business_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4841

    Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM IP2014 and IP2015 allows remote attackers to affect confidentiality via unknown vectors related to Services.... Read more

    Affected Products : siebel_crm
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3959

    Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, W... Read more

    • Published: Jun. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1754

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers to injec... Read more

    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-0481

    Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.... Read more

    Affected Products : tutos
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-4048

    The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows remote attackers to cause a denial of service (deadlock) by terminating a subscription request before it is complete, which triggers a SIP transaction timeout.... Read more

    Affected Products : asterisk open_source
    • Published: Jun. 17, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293553 Results