Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-1555

    Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.... Read more

    Affected Products : coldfusion
    • Published: May. 10, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-32980

    A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.... Read more

    Affected Products : email_extension
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2020-6441

    Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux leap chrome backports
    • Published: Apr. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-3771

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1494

    Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.... Read more

    Affected Products : megabook
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1557

    Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.... Read more

    Affected Products : guestbook_pro
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-21827

    Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network a... Read more

    Affected Products : database database_server
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6396

    Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-28159

    A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.... Read more

    • Published: Mar. 06, 2024
    • Modified: Jun. 06, 2025

  • 4.3

    MEDIUM
    CVE-2005-0785

    Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : yabb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2814

    Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2820

    Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".... Read more

    Affected Products : sqwebmail
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-1727

    A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to ... Read more

    Affected Products : gradio
    • Published: Mar. 21, 2024
    • Modified: Jul. 30, 2025

  • 4.3

    MEDIUM
    CVE-2005-2590

    Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : mindalign
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-43417

    Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth... Read more

    Affected Products : katalon
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2022-43432

    Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : xframium_builder
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2023-50773

    Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask access tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.... Read more

    Affected Products : dingding_json_pusher
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-21048

    Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with netwo... Read more

    • Published: Apr. 16, 2024
    • Modified: Apr. 10, 2025

  • 4.3

    MEDIUM
    CVE-2013-5417

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-1010220

    tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c... Read more

    Affected Products : tcpdump
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293608 Results