Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-2336

    Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabi... Read more

    Affected Products : fortianalyzer_firmware fortimanager
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-0896

    IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information via a crafted request.... Read more

    Affected Products : websphere_application_server
    • Published: May. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2314

    Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors.... Read more

    Affected Products : jira jira_server windows
    • Published: Mar. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6344

    The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.... Read more

    Affected Products : zenworks_configuration_management
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-2065

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.... Read more

    Affected Products : jenkins
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6397

    Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XS... Read more

    Affected Products : solr
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-0977

    Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : movable_type movabletype
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3788

    Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Supplier Management.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-17450

    An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP serv... Read more

    Affected Products : gitlab
    • Published: Apr. 15, 2023
    • Modified: Feb. 06, 2025

  • 4.3

    MEDIUM
    CVE-2014-1566

    Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application.... Read more

    Affected Products : android firefox
    • Published: Sep. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1564

    Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field.... Read more

    Affected Products : webgui
    • Published: Feb. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-17476

    Incorrect dialog placement in Cast UI in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to obscure the full screen warning via a crafted HTML page.... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10136

    It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without mo... Read more

    Affected Products : satellite spacewalk
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-45223

    Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled.  ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-46628

    Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.... Read more

    Affected Products : wp_word_count
    • Published: Jan. 02, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2016-5611

    Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.... Read more

    Affected Products : vm_virtualbox
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-30957

    A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : ssh
    • Published: May. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0927

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Serv... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-6999

    attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.... Read more

    Affected Products : deskpro
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-2901

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to co... Read more

    Affected Products : solaris solaris
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293631 Results