Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2014-3207

    Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.

    Affected Products : sks_keyserver
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2006-5296

    PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerP...

    Affected Products : powerpoint
    • Published: Oct. 16, 2006
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2022-2303

    An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the ...

    Affected Products : gitlab
    • Published: Aug. 05, 2022
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2018-13374

    An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate via pointing an LDAP server connectivity test request ...

    Affected Products : fortios fortiadc
    • Actively Exploited
    • Published: Jan. 22, 2019
    • Modified: Jan. 27, 2025
  • 4.3

    MEDIUM
    CVE-2018-8112

    A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.

    Affected Products : edge
    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2020-2306

    A missing permission check in Jenkins Mercurial Plugin 2.11 and earlier allows attackers with Overall/Read permission to obtain a list of names of configured Mercurial installations.

    Affected Products : mercurial
    • Published: Nov. 04, 2020
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2006-7058

    Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: t...

    Affected Products : sphider
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2023-43494

    Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission...

    Affected Products : jenkins
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2019-1761

    A vulnerability in the Hot Standby Router Protocol (HSRP) subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to receive potentially sensitive information from an affected device. The vulnerability is due to insuff...

    Affected Products : ios_xe ios
    • Published: Mar. 28, 2019
    • Modified: Sep. 11, 2025
  • 4.3

    MEDIUM
    CVE-2006-6534

    Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3)...

    Affected Products : oscommerce
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2019-10136

    It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without mo...

    Affected Products : satellite spacewalk
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-42016

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a us...

    Affected Products : sterling_b2b_integrator
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2023-46171

    IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to view sensitive log information after enumerating filenames. IBM X-Force ID: 269408.

    Affected Products : ds8900f_firmware ds8900f
    • Published: Mar. 07, 2024
    • Modified: Mar. 11, 2025
  • 4.3

    MEDIUM
    CVE-2007-6126

    Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to view.page.inc.php, which is rea...

    Affected Products : project_alumni
    • Published: Nov. 26, 2007
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2014-4907

    Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.

    Affected Products : pnp4nagios monitor
    • Published: Jul. 11, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2023-3764

    The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenti...

    Affected Products : woocommerce_pdf_invoice_builder
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024
  • 4.3

    MEDIUM
    CVE-2014-1701

    The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attacker...

    Affected Products : chrome
    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2006-5774

    Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

    Affected Products : hyper_nikki_system
    • Published: Nov. 06, 2006
    • Modified: Apr. 09, 2025
  • 4.3

    MEDIUM
    CVE-2014-4671

    Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 do not properly r...

    • Published: Jul. 09, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2007-3241

    Cross-site scripting (XSS) vulnerability in blogroll.php in the cordobo-green-park theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI.

    Affected Products : wordpress
    • Published: Jun. 15, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293527 Results