Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-36589

    An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext.... Read more

    Affected Products :
    • Published: Jun. 13, 2024
    • Modified: Nov. 25, 2024

  • 4.3

    MEDIUM
    CVE-2020-2909

    Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker wit... Read more

    Affected Products : leap vm_virtualbox
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-0255

    Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript e... Read more

    • Published: Feb. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-22251

    Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings... Read more

    Affected Products : gitlab
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-0008

    The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mec... Read more

    • Published: Jan. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-1224

    main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an... Read more

    Affected Products : asterisk open_source
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-8261

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4443

    Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) b... Read more

    Affected Products : java_system_directory_server
    • Published: Dec. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-38808

    In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an applica... Read more

    • Published: Aug. 20, 2024
    • Modified: Jun. 18, 2025

  • 4.3

    MEDIUM
    CVE-2017-8726

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsof... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-4363

    Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site ... Read more

    Affected Products : application_framework groupware
    • Published: Dec. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1313

    Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOT... Read more

    Affected Products : joomla\! com_sebercart
    • Published: Apr. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-0566

    Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.... Read more

    Affected Products : office
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-24851

    The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages a... Read more

    Affected Products : insert_pages
    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-24633

    The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.... Read more

    Affected Products : countdown_block
    • Published: Sep. 27, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1030

    Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) T... Read more

    Affected Products : active_auction_house
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2550

    Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.... Read more

    Affected Products : sandsurfer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2511

    Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in in... Read more

    Affected Products : dcp-portal
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2207

    Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : idealbb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-24868

    The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft posts.... Read more

    Affected Products : document_embedder
    • Published: Feb. 01, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294860 Results