Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-54306

    Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through 1.6.2... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2010-0097

    ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged... Read more

    Affected Products : bind
    • Published: Jan. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-54267

    Missing Authorization vulnerability in CreativeMindsSolutions CM Answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through 3.2.6.... Read more

    Affected Products : cm_answers
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2018-15325

    In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands... Read more

    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-30803

    A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access a user’s recent Contacts.... Read more

    Affected Products : macos
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-30804

    A permissions issue was addressed with improved validation. This issue is fixed in iOS 14.7. A malicious application may be able to access Find My data.... Read more

    Affected Products : iphone_os
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-32695

    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim ... Read more

    Affected Products : nextcloud_server nextcloud notes
    • Published: Jun. 17, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4463

    The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possib... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4426

    The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible fo... Read more

    Affected Products : comparison_slider
    • Published: May. 30, 2024
    • Modified: Feb. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-2369

    Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily e... Read more

    Affected Products : debian_linux jdk jre graalvm openjdk java_se
    • Published: Jul. 21, 2021
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2018-12358

    Service workers can use redirection to avoid the tainting of cross-origin resources in some instances, allowing a malicious site to read responses which are supposed to be opaque. This vulnerability affects Firefox < 61.... Read more

    Affected Products : firefox ubuntu_linux
    • Published: Oct. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-32657

    Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrat... Read more

    Affected Products : nextcloud_server notes
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-0128

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-0112

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-32598

    An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below, 5.6.11 and below may allow an authenticated and remote ... Read more

    Affected Products : fortimanager fortianalyzer
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-2155

    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with ... Read more

    Affected Products : one-to-one_fulfillment
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-2153

    Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access vi... Read more

    Affected Products : internet_expenses
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-2113

    Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing). Supported versions that are affected are 2.9.0.0 and 2.9.0.1. Easily exploitable vulnerability ... Read more

    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-6041

    Incorrect security UI in navigation in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    • Published: Sep. 25, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-2033

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privilege... Read more

    Affected Products : weblogic_server
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293515 Results