Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-4884

    Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.... Read more

    Affected Products : superscan
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-3015

    Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network acces... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-5187

    SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the (1) sapphire, (2) cms, or (3) mysite folders, whi... Read more

    Affected Products : silverstripe
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4365

    Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the add_blog action, (2) approve a comment via the ... Read more

    Affected Products : ez_blog
    • Published: Dec. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4318

    Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : real_estate_manager
    • Published: Dec. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-4563

    Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 Beta and release candidates before 2.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_toolkit
    • Published: Nov. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-12698

    The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.... Read more

    Affected Products : direct_mail
    • Published: May. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4329

    IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209.... Read more

    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-2924

    Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webmatic webmatic
    • Published: Jun. 30, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6090

    Directory traversal vulnerability in members.php in ScriptsEz Mini Hosting Panel allows remote attackers to read arbitrary local files via a .. (dot dot) in the dir parameter in a view action.... Read more

    Affected Products : mini_hosting_panel
    • Published: Feb. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-25500

    Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses b... Read more

    Affected Products : vaadin
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-20879

    An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-43472

    Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2012-3313

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Datab... Read more

    • Published: Sep. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-2191

    In LG's LAF component, there is a possible leak of information in a protected disk partition due to a missing bounds check. This could lead to local information disclosure via USB with User execution privileges needed. User interaction is not required for... Read more

    Affected Products : android
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-2483

    HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method.... Read more

    • Published: Nov. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-3301

    Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and... Read more

    Affected Products : lotus_domino
    • Published: Aug. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-1594

    The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL... Read more

    Affected Products : hc_custom_wp-admin_url
    • Published: Jun. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2914

    Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : captcha
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2780

    Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (... Read more

    Affected Products : 68_classifieds
    • Published: Aug. 17, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293617 Results