Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-13877

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app.... Read more

    Affected Products : iphone_os
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-1934

    Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.... Read more

    • Published: Jun. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-5690

    By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.... Read more

    • Published: Jun. 11, 2024
    • Modified: Mar. 26, 2025

  • 4.3

    MEDIUM
    CVE-2007-5803

    Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.... Read more

    Affected Products : nagios
    • Published: May. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2373

    Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal
    • Published: Jul. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-13873

    An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive netw... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-32205

    In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 02, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-10164

    Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acce... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-16560

    SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes.... Read more

    Affected Products : secureaccess
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2020-8216

    An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.... Read more

    • Published: Jul. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5000

    Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject ar... Read more

    • Published: Dec. 13, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-10133

    Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RestAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network access v... Read more

    Affected Products : hospitality_hotel_mobile
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-3263

    Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML ... Read more

    Affected Products : chrome
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3550

    The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of these... Read more

    Affected Products : wireshark
    • Published: Oct. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-53661

    Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.... Read more

    Affected Products : testsigma_test_plan_run
    • Published: Jul. 09, 2025
    • Modified: Jul. 18, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2017-10175

    Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged ... Read more

    Affected Products : isupport
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2025-54532

    In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies... Read more

    Affected Products : teamcity
    • Published: Jul. 28, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2017-17693

    Techno - Portfolio Management Panel through 2017-11-16 does not check authorization for panel/portfolio.php?action=delete requests that remove feedback.... Read more

    • Published: Dec. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-3627

    The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.... Read more

    Affected Products : html-parser
    • Published: Oct. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3696

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 16, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293619 Results