Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-2244

    An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature.... Read more

    Affected Products : gitlab
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-0884

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a share... Read more

    Affected Products : nextcloud_server
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2022-2630

    An improper access control issue in GitLab CE/EE affecting all versions starting from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of confidential information via the Incident timeline events.... Read more

    Affected Products : gitlab
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2017-10907

    Directory traversal vulnerability in OneThird CMS Show Off v1.85 and earlier. Show Off v1.85 en and earlier allows an attacker to read arbitrary files via unspecified vectors.... Read more

    Affected Products : onethird_cms_show_off onethird
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2020-6810

    After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user ab... Read more

    Affected Products : firefox
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1002024

    Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.... Read more

    Affected Products : kind_editor kindeditor
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-10889

    TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.... Read more

    Affected Products : tablepress
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-0892

    Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.... Read more

    Affected Products : nextcloud_server
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-6245

    epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.... Read more

    Affected Products : wireshark linux solaris
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5268

    pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.... Read more

    Affected Products : ubuntu_linux libpng
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-7454

    Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenti... Read more

    • Published: Mar. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4458

    The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS con... Read more

    • Published: Jul. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2870

    Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element.... Read more

    Affected Products : bf-630 bf-630w bf-660c
    • Published: Aug. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-1264

    Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecifi... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-2850

    Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg para... Read more

    • Published: Jul. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6452

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an SVG file.... Read more

    Affected Products : mediawiki
    • Published: May. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4539

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Sep. 26, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4551

    LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a c... Read more

    • Published: Nov. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2855

    The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to cap... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2840

    Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.... Read more

    Affected Products : netscaler
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294454 Results