Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-3862

    CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a... Read more

    Affected Products : c-cda
    • Published: Sep. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-6035

    Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2-STABLE allows remote attackers to inject arbitrary web script or HTML via the atknodetype parameter.... Read more

    Affected Products : achievo
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-0642

    Cross-site request forgery (CSRF) vulnerability in news/admin.php in N-13 News 3.4, 3.7, and 4.0 allows remote attackers to hijack the authentication of administrators for requests that create new users via the options action. NOTE: some of these details... Read more

    Affected Products : n-13_news
    • Published: Jan. 25, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-35473

    An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices usi... Read more

    Affected Products : bluetooth_core_specification
    • Published: Nov. 08, 2022
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2024-43269

    Cross-Site Request Forgery (CSRF) vulnerability in WPBackItUp Backup and Restore WordPress.This issue affects Backup and Restore WordPress: from n/a through 1.50.... Read more

    Affected Products : backup_and_restore_wordpress
    • Published: Aug. 26, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2024-24772

    A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommend... Read more

    Affected Products : superset
    • Published: Feb. 28, 2024
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-4856

    Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the ... Read more

    Affected Products : roller_weblogger
    • Published: Sep. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-1046

    Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.... Read more

    Affected Products : cognos_tm1
    • Published: Feb. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-37315

    Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12... Read more

    Affected Products : nextcloud_server notes
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-4245

    The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbi... Read more

    Affected Products : woocommerce_pdf_invoice_builder
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-4275

    Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted... Read more

    Affected Products : itop
    • Published: Nov. 26, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-5095

    Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.... Read more

    Affected Products : silverstripe
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5114

    Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope param... Read more

    • Published: Aug. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4815

    Session fixation vulnerability in IBM Rational Lifecycle Integration Adapter for Windchill 1.x before 1.0.1 allows remote attackers to hijack web sessions via unspecified vectors.... Read more

    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-3881

    Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.... Read more

    Affected Products : zoneminder
    • Published: Sep. 02, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-5930

    Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.... Read more

    Affected Products : garoon
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-4942

    The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated ... Read more

    • Published: Oct. 20, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-45210

    Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerability via the component /sys/user/deleteRecycleBin.... Read more

    Affected Products : jeecg_boot
    • Published: Nov. 25, 2022
    • Modified: Apr. 29, 2025

  • 4.3

    MEDIUM
    CVE-2024-13439

    The Team – Team Members Showcase Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the response() function in all versions up to, and including, 4.4.9. This makes it possible for authenticated attackers,... Read more

    Affected Products : team
    • Published: Feb. 15, 2025
    • Modified: Feb. 24, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2008-1368

    CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into... Read more

    Affected Products : internet_explorer
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294837 Results