Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-4190

    Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683.... Read more

    Affected Products : prime_service_catalog
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4939

    Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0_iFix1 allows remote a... Read more

    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-3216

    Multiple directory traversal vulnerabilities in iWiccle 1.01, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the show parameter to the admin module, reachable through index.php; or (2) the modul... Read more

    Affected Products : iwiccle
    • Published: Sep. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6348

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1000155

    Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whe... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2008-3589

    Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.... Read more

    Affected Products : mozilocms
    • Published: Aug. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6361

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE files received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is ca... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8793

    Cross-site scripting (XSS) vulnerability in lib/max/Admin/UI/Field/PublisherIdField.php in Revive Adserver before 3.0.6 allows remote attackers to inject arbitrary web script or HTML via the refresh_page parameter to www/admin/report-generate.php.... Read more

    Affected Products : revive_adserver
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-1768

    Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the author name field in a comment.... Read more

    Affected Products : mephisto mephisto_edge
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-10635

    Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.... Read more

    Affected Products : sim_pro
    • Published: Feb. 24, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6307

    Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.... Read more

    Affected Products : basis
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-31927

    An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. It was fixed in ... Read more

    Affected Products : loyalty_experience_platform
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-15202

    In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a private project of another user.... Read more

    Affected Products : kanboard
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2013-1198

    Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud15430.... Read more

    Affected Products : unified_computing_system_software
    • Published: Apr. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-29433

    Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource e... Read more

    Affected Products : sydent
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1240

    Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/in... Read more

    Affected Products : docebo
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-9453

    Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header.... Read more

    Affected Products : simple_visitor_stat
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-3151

    The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when deleting cursors, which could allow attackers to made a logged in admin delete arbitrary cursors via a CSRF attack.... Read more

    Affected Products : wp_custom_cursors
    • Published: Oct. 17, 2022
    • Modified: May. 14, 2025

  • 4.3

    MEDIUM
    CVE-2024-11353

    The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Dec. 07, 2024
    • Modified: Dec. 07, 2024

  • 4.3

    MEDIUM
    CVE-2014-3830

    Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.... Read more

    Affected Products : tomatocart
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293339 Results