Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-0369

    Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.... Read more

    Affected Products : internet_explorer
    • Published: Jan. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-7254

    Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : opsview
    • Published: Jan. 03, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3006

    Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which tr... Read more

    Affected Products : maxthon_browser
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-0638

    Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11.... Read more

    Affected Products : microweber cockpit
    • Published: Feb. 17, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6329

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-4883

    Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.... Read more

    Affected Products : mediawiki
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-36652

    A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter.... Read more

    Affected Products : cryptospike
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2008-5430

    Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of servic... Read more

    Affected Products : thunderbird
    • Published: Dec. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6353

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-22508

    Improper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.... Read more

    • Published: May. 15, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31921

    Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-27576

    Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-5608

    Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Dec. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-16175

    A clickjacking vulnerability was found in Limesurvey before 3.17.14.... Read more

    Affected Products : limesurvey
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8006

    The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-6955

    Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.... Read more

    Affected Products : opera_browser
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-24421

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability t... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2012-2938

    Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php.... Read more

    Affected Products : travelon_express
    • Published: May. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-26177

    In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values i... Read more

    Affected Products : business_workflow
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2932

    Cross-site scripting (XSS) vulnerability in uddiclient/process in the UDDI client in SAP NetWeaver Application Server (Java) 7.0 allows remote attackers to inject arbitrary web script or HTML via the TModel Key field.... Read more

    Affected Products : netweaver
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293542 Results