Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-11803

    Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Discl... Read more

    Affected Products : edge windows_10
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2004-1341

    Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.... Read more

    Affected Products : info2www
    • Published: Apr. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1285

    Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to... Read more

    Affected Products : sambar_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1484

    Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.... Read more

    Affected Products : ie
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-23850

    A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : synopsys_coverity
    • Published: Feb. 15, 2023
    • Modified: Mar. 18, 2025

  • 4.3

    MEDIUM
    CVE-2021-46835

    There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.... Read more

    Affected Products : ws7200-10_firmware ws7200-10
    • Published: Sep. 20, 2022
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2023-28334

    Authenticated users were able to enumerate other users' names via the learning plans page.... Read more

    Affected Products : moodle
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-2971

    Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low ... Read more

    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-18450

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the Project labels feature. It has Insecure Permissions.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-26273

    IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.... Read more

    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28336

    Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access.... Read more

    Affected Products : moodle fedora
    • Published: Mar. 23, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-1021

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.... Read more

    Affected Products : edge
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-19086

    Gitlab Enterprise Edition (EE) before 12.5.1 has Insecure Permissions (issue 1 of 2).... Read more

    Affected Products : gitlab
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-7343

    Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnera... Read more

    Affected Products : flowplayer_html5
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-16723

    In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.... Read more

    Affected Products : cacti
    • Published: Sep. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28360

    An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user.... Read more

    Affected Products : brave
    • Published: May. 11, 2023
    • Modified: Jan. 27, 2025

  • 4.3

    MEDIUM
    CVE-2006-4761

    Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reade... Read more

    Affected Products : sharpreader
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-5041

    Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-5888

    Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.... Read more

    • Published: Nov. 07, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-3983

    The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLI... Read more

    Affected Products : pacemaker_configuration_system
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293610 Results