Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-4224

    Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009.... Read more

    Affected Products : virtual_war
    • Published: Aug. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-7042

    The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-44699

    Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Expl... Read more

    Affected Products : macos windows audition
    • Published: Dec. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3058

    Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-43494

    Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission... Read more

    Affected Products : jenkins
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-5688

    MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecifie... Read more

    Affected Products : mediawiki
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5239

    Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php... Read more

    Affected Products : expblog
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-2160

    Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.... Read more

    Affected Products : loginphp
    • Published: May. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2232

    Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.... Read more

    Affected Products : cute_guestbook
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-3267

    Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-41116

    An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless o... Read more

    Affected Products : postgres_advanced_server
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-39993

    Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0.... Read more

    Affected Products : elements_kit_elementor_addons
    • Published: Jun. 19, 2024
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-6249

    The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cau... Read more

    Affected Products : wireshark solaris
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6247

    The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite lo... Read more

    Affected Products : wireshark solaris
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-8123

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.... Read more

    Affected Products : edge
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-5825

    WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.... Read more

    Affected Products : iphone_os safari
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5820

    WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.... Read more

    Affected Products : iphone_os safari
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-41037

    OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Ha... Read more

    Affected Products : openpgpjs
    • Published: Aug. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-3735

    Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Aug. 01, 2023
    • Modified: Jul. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-3140

    Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user ... Read more

    Affected Products : business_hub
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293605 Results