Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-0811

    Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)... Read more

    Affected Products : fedora chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: Jun. 16, 2025

  • 4.3

    MEDIUM
    CVE-2003-0208

    Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field.... Read more

    Affected Products : flash
    • Published: May. 05, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-0749

    A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.... Read more

    • Published: Jan. 23, 2024
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2019-3981

    MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password.... Read more

    Affected Products : routeros winbox
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-0318

    Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.... Read more

    Affected Products : php-nuke
    • Published: Jun. 09, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-3990

    A User Enumeration flaw exists in Harbor. The issue is present in the "/users" API endpoint. This endpoint is supposed to be restricted to administrators. This restriction is able to be bypassed and information can be obtained about registered users can b... Read more

    Affected Products : harbor
    • Published: Dec. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0748

    A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122.... Read more

    Affected Products : firefox
    • Published: Jan. 23, 2024
    • Modified: Jun. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-4379

    Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : hot_links_sql_php
    • Published: Oct. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-11997

    Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, a... Read more

    Affected Products : guacamole
    • Published: Jan. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-1754

    In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups.... Read more

    Affected Products : moodle
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-2894

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticat... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-22060

    In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3022

    IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-1277

    Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-1778

    When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.... Read more

    Affected Products : otrs
    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-0992

    Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.... Read more

    Affected Products : mailman
    • Published: Feb. 17, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-2734

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Execute on DBMS_ADVISOR privilege w... Read more

    Affected Products : database database_server
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-0810

    Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 24, 2024
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2019-2728

    Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacke... Read more

    Affected Products : enterprise_manager_ops_center
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-1088

    Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.... Read more

    Affected Products : zorum
    • Published: Aug. 11, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293280 Results