Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-0077

    Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37103

    Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Education Zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through 1.3.4.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2015-7789

    ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : wl-330nul wl-33nul_firmware
    • Published: Dec. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37102

    Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through 1.2.2.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2015-7772

    Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers WebView anchor attachment i... Read more

    Affected Products : applican
    • Published: Nov. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7771

    Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican appli... Read more

    Affected Products : applican
    • Published: Nov. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-5161

    Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8.... Read more

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-2159

    The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leverag... Read more

    Affected Products : moodle
    • Published: May. 22, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37218

    Missing Authorization vulnerability in WordPress Page Builder Sandwich Team Page Builder Sandwich – Front-End Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Page Builder Sandwich – Front-End Page Bu... Read more

    Affected Products : page_builder_sandwich
    • Published: Nov. 01, 2024
    • Modified: Nov. 01, 2024

  • 4.3

    MEDIUM
    CVE-2015-7697

    Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.... Read more

    Affected Products : ubuntu_linux debian_linux unzip
    • Published: Nov. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-1758

    The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-11914

    The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.... Read more

    Affected Products : tcp\/ip
    • Published: Jun. 17, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-7708

    Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php.... Read more

    Affected Products : 4images
    • Published: Oct. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7677

    The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEit... Read more

    Affected Products : moveit_dmz
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-8309

    Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."... Read more

    Affected Products : cherrymusic
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1000395

    Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses i... Read more

    Affected Products : jenkins
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-0706

    Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenti... Read more

    Affected Products : ubuntu_linux debian_linux tomcat
    • Published: Feb. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-8336

    Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.... Read more

    • Published: Apr. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7576

    The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.... Read more

    Affected Products : rails ruby_on_rails actionpack
    • Published: Feb. 16, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0509

    Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AP Web Utilities.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293555 Results