Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-22471

    Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is rec... Read more

    Affected Products : deck nextcloud_server notes
    • Published: Jan. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32369

    SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.... Read more

    Affected Products : mailinspector
    • Published: May. 07, 2024
    • Modified: Jun. 17, 2025

  • 4.3

    MEDIUM
    CVE-2009-4398

    Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 hs_religiousartgallery
    • Published: Dec. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-34888

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-34887

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-4719

    Cross-site scripting (XSS) vulnerability in the login panel (svn/login/) in User-Friendly SVN (aka USVN) before 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the username field.... Read more

    Affected Products : usvn user-friendly_svn
    • Published: Jul. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-34884

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-34881

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0195

    Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Requ... Read more

    • Published: Mar. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-35800

    Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to in... Read more

    Affected Products : endpoint_security
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-21382

    Microsoft Edge for Android Information Disclosure Vulnerability... Read more

    Affected Products : android edge_chromium
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9561

    Cross-site scripting (XSS) vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to inject arbitrary web script or HTML via the post parameter.... Read more

    Affected Products : softbb
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9559

    Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search.... Read more

    Affected Products : snipsnap
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-6226

    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'p... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37315

    Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12... Read more

    Affected Products : nextcloud_server notes
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-37254

    Missing Authorization vulnerability in mndpsingh287 File Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Manager: from n/a through 7.2.7.... Read more

    Affected Products : file_manager
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2023-40388

    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location.... Read more

    Affected Products : macos
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-47168

    Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves data exposure due to the enable_monitoring flag not properly disabling monitoring when set to False. Even when monitoring is supposedly disabled, an attack... Read more

    Affected Products : gradio
    • Published: Oct. 10, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2024-38485

    Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.... Read more

    Affected Products : elastic_cloud_storage
    • Published: Dec. 09, 2024
    • Modified: Feb. 04, 2025

  • 4.3

    MEDIUM
    CVE-2012-4267

    Cross-site scripting (XSS) vulnerability in user/register in Sockso 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter.... Read more

    Affected Products : sockso
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294313 Results