Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-32124

    An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request.... Read more

    Affected Products : fortiisolator
    • Published: Jul. 18, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2015-1269

    The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass... Read more

    Affected Products : chrome
    • Published: Jun. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9031

    Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field... Read more

    Affected Products : wordpress
    • Published: Nov. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9142

    Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.... Read more

    Affected Products : td5130_router_firmware
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7948

    The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows... Read more

    Affected Products : chrome
    • Published: Jan. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4423

    The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-48234

    Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been ... Read more

    Affected Products : fedora vim
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1590

    The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x before 1.4.5 does not properly initialize certain global variables, which allows remote attackers to cause a denial of service (application crash) via a crafted .pcap file.... Read more

    Affected Products : wireshark
    • Published: Apr. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-30260

    Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.... Read more

    Affected Products : fedora undici
    • Published: Apr. 04, 2024
    • Modified: Feb. 13, 2025

  • 4.3

    MEDIUM
    CVE-2014-7818

    Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows ... Read more

    Affected Products : opensuse rails ruby_on_rails actionpack
    • Published: Nov. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-2518

    Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vec... Read more

    Affected Products : java_system_web_server
    • Published: Jun. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-0221

    The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS hand... Read more

    • Published: Jun. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-3322

    A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vu... Read more

    • Published: Jun. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1433

    program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute in an email.... Read more

    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4738

    Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/c... Read more

    Affected Products : fortiweb
    • Published: Jul. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7958

    Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.... Read more

    Affected Products : bulletproof_security
    • Published: Nov. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2359

    Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."... Read more

    Affected Products : exchange_server
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-30370

    RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in tha... Read more

    Affected Products : winrar
    • Published: Apr. 02, 2024
    • Modified: Jun. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-1431

    Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to "Relative Path Overwrite."... Read more

    Affected Products : phpbb
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-1402

    Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the m... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294514 Results