Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2019-4234

    IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: ... Read more

    Affected Products : pureapplication_system
    • Published: Jun. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-11342

    A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder parameter.... Read more

    Affected Products : as6202t_firmware as6202t
    • Published: May. 22, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-2825

    Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : workcentre
    • Published: Jun. 23, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1103

    emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the me... Read more

    Affected Products : emacs notmuch
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1338

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it pos... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2024-1335

    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it... Read more

    • Published: Feb. 29, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2019-0393

    An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results.... Read more

    Affected Products : quality_management
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21027

    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a cross-site request forgery (CSRF) vulnerability via the GraphQL API. Successful exploitation could lead to unauthorized modification of customer metadat... Read more

    Affected Products : magento magento_commerce
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-4571

    Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in the VN-Calendar plugin 1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fs or (2) w parameter.... Read more

    Affected Products : vn-calendar
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4552

    Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.... Read more

    Affected Products : miniweb
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-6416

    Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.... Read more

    • Published: Dec. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0875

    Unspecified vulnerability in the Life Sciences - Oracle Thesaurus Management System component in Oracle Industry Product Suite 4.5.2, 4.6, and 4.6.1 allows remote attackers to affect integrity, related to TMS Browser.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-6577

    A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_... Read more

    • Published: Dec. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1590

    Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname (aka the REMOTE_HOST variable... Read more

    Affected Products : vp-asp_shopping_cart
    • Published: Apr. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-5449

    A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events.... Read more

    Affected Products : nextcloud_server
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-5149

    Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mails... Read more

    Affected Products : spamtitan
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-22083

    Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more

    • Published: Oct. 17, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-1028

    The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers ... Read more

    Affected Products : wp_meta_seo
    • Published: Feb. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5457

    Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.... Read more

    Affected Products : casino_script
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-0533

    Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this informatio... Read more

    Affected Products : ez_reminder
    • Published: Feb. 11, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293608 Results