Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-39330

    An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, pote... Read more

    Affected Products : django
    • Published: Jul. 10, 2024
    • Modified: Jun. 16, 2025

  • 4.3

    MEDIUM
    CVE-2016-2820

    The Firefox Health Reports (aka FHR or about:healthreport) feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-... Read more

    Affected Products : firefox
    • Published: Apr. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-39416

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 4.3

    MEDIUM
    CVE-2024-39412

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : magento commerce magento
    • Published: Aug. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2023-47037

    We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.  Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail value... Read more

    Affected Products : airflow
    • Published: Nov. 12, 2023
    • Modified: Feb. 13, 2025

  • 4.3

    MEDIUM
    CVE-2021-39888

    In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info insi... Read more

    Affected Products : gitlab
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-2830

    Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing networ... Read more

    Affected Products : firefox firefox_esr
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-4620

    The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-5251

    Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL.... Read more

    Affected Products : firefox
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-3452

    Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to S... Read more

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-1900

    CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-... Read more

    Affected Products : fedora cgit cgit
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-2154

    admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names... Read more

    Affected Products : moodle
    • Published: May. 22, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-47159

    In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 4.3

    MEDIUM
    CVE-2016-2861

    IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 does not properly encrypt data, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Jul. 02, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-10503

    IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated and invited user of Sametime meeting to lower any or all hands in an e-meeting, thus spoofing results of votes in the meeting. IBM X-Force ID: 113803.... Read more

    Affected Products : sametime
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-2832

    Mozilla Firefox before 47.0 allows remote attackers to discover the list of disabled plugins via a fingerprinting attack involving Cascading Style Sheets (CSS) pseudo-classes.... Read more

    Affected Products : firefox ubuntu_linux leap opensuse
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-3450

    Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2... Read more

    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-5233

    Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92B182, NXT-DL00 before NXT-DL00C17B182, and NXT-TL00 before NXT-TL00C01B182 allow remote base stations to obtain sensitive subscriber signal strength inform... Read more

    Affected Products : mate_8_firmware mate_8
    • Published: Jun. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-39414

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 4.3

    MEDIUM
    CVE-2014-4751

    Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Mobile 8.0.0.0, 8.0.0.1, and 8.0.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293609 Results