Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2003-1531

    Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more

    Affected Products : ceilidh
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-3222

    A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to bypass access control restrictions on an affected device. The vulnerability is due to the presence of a proxy service at... Read more

    Affected Products : ios_xe ios_xe
    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-29064

    The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-3182

    A vulnerability in the multicast DNS (mDNS) protocol configuration of Cisco Webex Meetings Client for MacOS could allow an unauthenticated adjacent attacker to obtain sensitive information about the device on which the Webex client is running. The vulnera... Read more

    Affected Products : webex_meetings
    • Published: Mar. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-1484

    Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.... Read more

    Affected Products : ie
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-1771

    This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group.... Read more

    Affected Products : macos mac_os_x
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-1354

    A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due t... Read more

    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-29046

    Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the co... Read more

    Affected Products : open-xchange_appsuite
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2180

    Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.p... Read more

    Affected Products : wowbb_web_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-2627

    The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Do... Read more

    Affected Products : kivicare
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2245

    Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.... Read more

    Affected Products : goollery
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-2632

    Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.... Read more

    Affected Products : code_dx
    • Published: May. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-1554

    Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables.... Read more

    Affected Products : scozbook
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1583

    Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.... Read more

    Affected Products : webtrends_log_analyzer
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2003-1556

    Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters.... Read more

    Affected Products : cc_guestbook
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-10123

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HT... Read more

    Affected Products : weblogic_server
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-2562

    The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list ... Read more

    Affected Products : gallery-metabox
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-11327

    An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.... Read more

    Affected Products : joomla\!
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-8778

    The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the nitropack_set_compression_ajax() function in all versions up to, and including, 1.18.4. This makes it possible for authenticated... Read more

    Affected Products : nitropack
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-2556

    The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the anonymous function for the wpcs_sd_delete action in versions up to, and including, 1.1.9. ... Read more

    Affected Products : wordpress_currency_switcher
    • Published: Jun. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294316 Results