Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2018-0529

    Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : office
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0586

    Directory traversal vulnerability in the shortcodes function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to read arbitrary files via unspecified vectors.... Read more

    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3701

    Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 allow remote attackers to inject arbitrary web ... Read more

    Affected Products : application_framework groupware
    • Published: Dec. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-0503

    Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.... Read more

    Affected Products : debian_linux mediawiki
    • Published: Oct. 04, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3748

    Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, ... Read more

    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-0550

    Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0531

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-0526

    Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.... Read more

    Affected Products : office
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-24730

    The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and ... Read more

    Affected Products : logo_showcase_with_slick_slider
    • Published: Feb. 28, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3767

    libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middl... Read more

    Affected Products : fedora openssl mac_os_x openldap
    • Published: Oct. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-1764

    The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-1849

    The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.... Read more

    Affected Products : subversion
    • Published: May. 02, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-29751

    IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.... Read more

    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1823

    Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.... Read more

    Affected Products : subscription_asset_manager
    • Published: Apr. 02, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3994

    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.d... Read more

    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-0080

    Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."... Read more

    Affected Products : edge
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-4020

    Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders th... Read more

    Affected Products : office
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-2780

    Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.... Read more

    Affected Products : land_down_under
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-4005

    Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : database_server database_11i
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-45059

    Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows indesign
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293507 Results