Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-25783

    Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7.... Read more

    • Published: May. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4942

    Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field.... Read more

    Affected Products : fleetcommander fleetcommander_kiosk
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-0886

    Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; th... Read more

    Affected Products : dev_web_management_system
    • Published: Feb. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-16175

    A clickjacking vulnerability was found in Limesurvey before 3.17.14.... Read more

    Affected Products : limesurvey
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-27576

    Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-32795

    Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. ... Read more

    Affected Products :
    • Published: Apr. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8314

    Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA Developer Edition Revision 70 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) epm/admin/DataGen.xsjs or (2) epm/services/multiply.xsjs in the demo... Read more

    Affected Products : hana
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-31921

    Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-20730

    Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1426

    The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, K7 AntiVirus 9.77.3565, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0404

    Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : documentum_eroom
    • Published: Mar. 15, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-6353

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6329

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-5608

    Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Dec. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-4386

    The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attack... Read more

    Affected Products : intuitive_custom_post_order
    • Published: Feb. 21, 2023
    • Modified: Mar. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-0589

    Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.... Read more

    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2669

    Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.... Read more

    Affected Products : orbis_cms
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-2490

    Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."... Read more

    Affected Products : kj_imagelightbox2
    • Published: May. 28, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3448

    Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.... Read more

    Affected Products : shopping_cart
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6490

    Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.... Read more

    Affected Products : series_one_cms
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293609 Results