Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2018-0135

    A vulnerability in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software improperly validates user-supplied search i... Read more

    Affected Products : unified_communications_manager
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-7937

    An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS servers are unreachable.... Read more

    Affected Products : mguard_firmware mguard_firmware mguard
    • Published: May. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-24207

    By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.... Read more

    Affected Products : wp_page_builder
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-25110

    The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address.... Read more

    Affected Products : futurio_extra
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-4543

    Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form."... Read more

    Affected Products : bugzilla
    • Published: Aug. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2995

    Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.... Read more

    Affected Products : aix
    • Published: Jun. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-1000057

    Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Jenkins however transforms provided password values, e.g. replacing environment variable references, which could result in values diffe... Read more

    Affected Products : credentials_binding
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-41437

    Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page.... Read more

    Affected Products : manageengine_opmanager
    • Published: Jun. 09, 2025
    • Modified: Jun. 09, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2017-3871

    A RADIUS Secret Disclosure vulnerability in the web network management interface of Cisco Prime Optical for Service Providers could allow an authenticated, remote attacker to disclose sensitive information in the configuration generated for a device. The ... Read more

    Affected Products : prime_optical
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-22240

    Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled... Read more

    Affected Products : gitlab
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-3843

    A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0).... Read more

    Affected Products : prime_collaboration_assurance
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-3651

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged at... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2018-1000109

    An improper authorization vulnerability exists in Jenkins Google Play Android Publisher Plugin version 1.6 and earlier in GooglePlayBuildStepDescriptor.java that allow an attacker to obtain credential IDs.... Read more

    Affected Products : google-play-android-publisher
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0919

    Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint ... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-1000105

    An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information... Read more

    Affected Products : gerrit_trigger
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-1000193

    A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to ha... Read more

    • Published: Jun. 05, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-0894

    Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no... Read more

    Affected Products : nocc
    • Published: Feb. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-3156

    Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of thes... Read more

    Affected Products : webmin usermin
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-5435

    An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.... Read more

    Affected Products : curl
    • Published: May. 28, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5386

    Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293658 Results