Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-0389

    Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username p... Read more

    Affected Products : mailenable
    • Published: Jan. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-7077

    foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.... Read more

    Affected Products : foreman
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2002-2364

    Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a help ticket.... Read more

    Affected Products : php_ticket
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-0740

    Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : tivoli_directory_server
    • Published: Apr. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-2386

    Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.... Read more

    Affected Products : xoops
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-55052

    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2012-0318

    Multiple cross-site scripting (XSS) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to inject arbitrary web script or HTML via vectors involving templates, a different issue than CVE-2012-1262.... Read more

    • Published: Mar. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0307

    Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.... Read more

    Affected Products : messaging_gateway
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-32477

    The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.... Read more

    Affected Products : moodle
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0904

    VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.... Read more

    Affected Products : vlc_media_player
    • Published: Jan. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-1999

    IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.... Read more

    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-1949

    IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.... Read more

    • Published: Feb. 21, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-10148

    The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restriction... Read more

    Affected Products : wordpress
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-1000033

    Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.... Read more

    Affected Products : enterprise_linux shotwell
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-2820

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker with n... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7657

    An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOKit" component. It allows attackers to obtain sensitive information from kernel m... Read more

    Affected Products : mac_os_x iphone_os watchos
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-0724

    The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddenco... Read more

    Affected Products : moodle fedora
    • Published: Feb. 22, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-20904

    cPanel before 71.9980.37 allows attackers to make API calls that bypass the cron feature restriction (SEC-427).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0176

    Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.... Read more

    Affected Products : websphere_mq
    • Published: Apr. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1129

    Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.... Read more

    Affected Products : iphone_os safari
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293609 Results