Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-10150

    Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privilege... Read more

    Affected Products : primavera_unifier
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-10160

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerabili... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2020-1444

    A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2003-1025

    Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "... Read more

    Affected Products : internet_explorer
    • Published: Jan. 20, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-4854

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon. NOTE: the previous inform... Read more

    Affected Products : e-business_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4841

    Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM IP2014 and IP2015 allows remote attackers to affect confidentiality via unknown vectors related to Services.... Read more

    Affected Products : siebel_crm
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-1923

    Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 05, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2025-1935

    A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Mar. 04, 2025
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1544

    Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.... Read more

    Affected Products : jspwiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-21562

    Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker wit... Read more

    • Published: Jan. 21, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-0909

    Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to inject arbitrary web script or HTML via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely... Read more

    Affected Products : academic_portal
    • Published: Feb. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0751

    Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.... Read more

    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-39593

    Cross-Site Request Forgery (CSRF) vulnerability in EverAccounting Ever Accounting allows Cross Site Request Forgery. This issue affects Ever Accounting: from n/a through 2.1.5.... Read more

    Affected Products :
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31525

    Missing Authorization vulnerability in WP Messiah WP Mobile Bottom Menu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mobile Bottom Menu: from n/a through 1.2.9.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-23996

    Cross-Site Request Forgery (CSRF) vulnerability in anyroad.com AnyRoad allows Cross Site Request Forgery. This issue affects AnyRoad: from n/a through 1.3.2.... Read more

    Affected Products :
    • Published: Jan. 21, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31753

    Cross-Site Request Forgery (CSRF) vulnerability in Animesh Kumar Advanced Speed Increaser. This issue affects Advanced Speed Increaser: from n/a through 2.2.1.... Read more

    Affected Products :
    • Published: Apr. 01, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-49190

    The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Server-Side Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-39571

    Missing Authorization vulnerability in WPXPO WowStore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WowStore: from n/a through 4.2.4.... Read more

    Affected Products : wowstore
    • Published: Apr. 16, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-49192

    The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential info... Read more

    Affected Products :
    • Published: Jun. 12, 2025
    • Modified: Jun. 12, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-31406

    Subscriber Broken Access Control in ELEX WooCommerce Request a Quote <= 2.3.3 versions.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization
Showing 20 of 294733 Results