Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-1978

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web sc... Read more

    Affected Products : tivoli_directory_server
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-3361

    The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrat... Read more

    Affected Products : ultimate_member
    • Published: Nov. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-6309

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userI... Read more

    Affected Products : webspell
    • Published: Dec. 11, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-4983

    Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.... Read more

    Affected Products : counteract
    • Published: Dec. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-43927

    Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23.... Read more

    Affected Products : email_address_encoder
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2021-33689

    When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, security audit log Integrity is impacted.... Read more

    Affected Products : netweaver_application_server_java
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20229

    A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.... Read more

    • Published: Feb. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3146

    Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.... Read more

    Affected Products : lxml
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-10133

    Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RestAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access v... Read more

    Affected Products : hospitality_hotel_mobile
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-2481

    The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.... Read more

    Affected Products : libtiff
    • Published: Jul. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14183

    Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers. The affected ve... Read more

    Affected Products : jira jira_server
    • Published: Oct. 06, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9488

    Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2... Read more

    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-9553

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    Affected Products : windows bridge
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-12302

    A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. The vulnerability is due to... Read more

    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-10175

    Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged ... Read more

    Affected Products : isupport
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-1492

    The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which migh... Read more

    Affected Products : network_security_services
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-12365

    A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view sch... Read more

    Affected Products : webex_meeting_center
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2020-27759

    In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain cond... Read more

    Affected Products : debian_linux imagemagick
    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7570

    Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes.... Read more

    Affected Products : drupal
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-2772

    Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Absence Recording, Maintenance). Supported versions that are affected are 12.2.6-12.2.9. Easily exploitable vulnerability allows low privileged attacker with networ... Read more

    Affected Products : human_resources
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293511 Results