Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-4036

    The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and pa... Read more

    Affected Products : simple_blog_card
    • Published: Aug. 30, 2023
    • Modified: May. 02, 2025

  • 4.3

    MEDIUM
    CVE-2009-3915

    Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.... Read more

    Affected Products : drupal link
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-4827

    IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-For... Read more

    Affected Products : api_connect
    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-2947

    Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acc... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4823

    Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.... Read more

    Affected Products : cpanel
    • Published: Apr. 27, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0362

    The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, a... Read more

    Affected Products : ios
    • Published: May. 02, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-32672

    An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by... Read more

    Affected Products : superset
    • Published: Sep. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1161

    Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.... Read more

    Affected Products : call_center_software
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-2458

    Unspecified vulnerability in the Oracle Agile Product Lifecycle component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3 allows remote attackers to affect integrity via unknown vectors related to Install.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-2669

    Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) c... Read more

    Affected Products : pre_shopping_mall
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-16752

    An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user priv... Read more

    • Published: Dec. 04, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0942

    A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the atta... Read more

    Affected Products : n200re-v5_firmware n200re-v5
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28834

    Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosu... Read more

    Affected Products : nextcloud_server notes
    • Published: Apr. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16388

    PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was disco... Read more

    Affected Products : pega_platform
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9517

    Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.... Read more

    Affected Products : dcs-2103_firmware dcs-2103
    • Published: Jan. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-8431

    The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it pos... Read more

    Affected Products : robo_gallery
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 4.3

    MEDIUM
    CVE-2009-4661

    Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In co... Read more

    Affected Products : bigant_server
    • Published: Mar. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4744

    Multiple cross-site scripting (XSS) vulnerabilities in osTicket before 1.9.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone Number field to open.php or (2) Phone number field, (3) passwd1 field, (4) passwd2 field, or (5) d... Read more

    Affected Products : osticket osticket
    • Published: Jul. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-4426

    The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbit... Read more

    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-1562

    A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorizati... Read more

    • Published: Jul. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293634 Results