Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-6832

    Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.... Read more

    Affected Products : joomla
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-3293

    Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1... Read more

    Affected Products : gitlab
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2017-5041

    Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-3407

    The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to... Read more

    Affected Products : subscribe2
    • Published: Jun. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5299

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : gcontact
    • Published: Oct. 17, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-6857

    Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : docebolms docebolms
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-47761

    Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through 2.0.7.... Read more

    Affected Products : simple_301_redirects
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2007-0118

    Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow remote attackers to read arbitrary files via an absolute pathname in the file parameter to (1) edittag.cgi, (2) edittag.pl, (3) edittag_mp.cgi, or (4) edittag_mp.pl.... Read more

    Affected Products : edittag
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-7152

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site.... Read more

    Affected Products : iphone_os
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-47647

    Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6.... Read more

    Affected Products : badgeos
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2018-4440

    A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.... Read more

    Affected Products : itunes iphone_os safari icloud windows
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5535

    Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to script... Read more

    Affected Products : cpanel
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-0643

    An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'.... Read more

    Affected Products : edge windows_10 windows_server_2019
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5741

    Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logo... Read more

    Affected Products : enterprise
    • Published: Nov. 06, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-47820

    Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.... Read more

    Affected Products : wp_like_button
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2023-43754

    Mattermost fails to check whether the  “Allow users to view archived channels”  setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” sett... Read more

    Affected Products : mattermost_server mattermost
    • Published: Nov. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5496

    Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.... Read more

    Affected Products : knowledgebank
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-10136

    It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without mo... Read more

    Affected Products : satellite spacewalk
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-5023

    Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-6094

    The IPsec module in the VPN component in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 allows remote attackers to cause a denial of service (module crash) via an IPsec Phase 2 proposal that lacks Perfect Forward Secrecy (PFS).... Read more

    Affected Products : ingate_firewall ingate_siparator
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294289 Results