Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-31379

    Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Smash Balloon Social Post Feed.This issue affects Smash Balloon Social Post Feed: from n/a through 4.2.1. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-4170

    IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406.... Read more

    • Published: Aug. 24, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-2402

    QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.... Read more

    Affected Products : quicktime
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-36668

    The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called vi... Read more

    Affected Products : jetbackup
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-5108

    Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.... Read more

    Affected Products : concrete_cms concrete5
    • Published: Jul. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0870

    Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : fumy_news_clipper
    • Published: Feb. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0861

    model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.... Read more

    Affected Products : debian_linux trytond
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9281

    Cross-site scripting (XSS) vulnerability in admin/copy_field.php in MantisBT before 1.2.18 allows remote attackers to inject arbitrary web script or HTML via the dest_id field.... Read more

    Affected Products : mantisbt
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5147

    Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.... Read more

    Affected Products : xen
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5565

    The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.... Read more

    Affected Products : ios_xr
    • Published: Nov. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-4646

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control.... Read more

    Affected Products : sterling_b2b_integrator
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-27807

    The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App Privacy Report logging.... Read more

    Affected Products : iphone_os ipados
    • Published: Jun. 10, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2024-26167

    Microsoft Edge for Android Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Mar. 07, 2024
    • Modified: Nov. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-23262

    This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.... Read more

    Affected Products : iphone_os ipados visionos
    • Published: Mar. 08, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2024-29977

    Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbitrary posts... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 01, 2024
    • Modified: Aug. 23, 2024

  • 4.3

    MEDIUM
    CVE-2014-5191

    Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ckeditor
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5129

    Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : projectdox
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8730

    The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, AAM 11.4.0 through 11.5.1, AFM 11.3.0 through 11.5.1, Analytics 11.0.0 through 11.5.1, Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 a... Read more

    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9738

    Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, ... Read more

    Affected Products : tournament
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-8800

    Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_... Read more

    Affected Products : nextend_facebook_connect
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293608 Results