Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-34206

    A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL.... Read more

    Affected Products : jianliao_notification
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28406

    A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not contro... Read more

    • Published: May. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1822

    Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target p... Read more

    Affected Products : phorum
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-24427

    Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An... Read more

    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1866

    Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter.... Read more

    Affected Products : calendarix_advanced
    • Published: May. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-36002

    A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.... Read more

    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1886

    Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.... Read more

    Affected Products : yapig
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-4839

    The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.... Read more

    Affected Products : rational_clearquest
    • Published: Dec. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-26932

    debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)... Read more

    Affected Products : debian_linux sympa
    • Published: Oct. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-1767

    Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affec... Read more

    Affected Products : debian_linux otrs
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-1769

    In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS:... Read more

    Affected Products : leap otrs backports_sle
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-1770

    Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.... Read more

    Affected Products : debian_linux leap otrs backports_sle
    • Published: Mar. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34779

    A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : xebialabs_xl_release
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-2104

    Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.... Read more

    Affected Products : jenkins
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1827

    Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.... Read more

    Affected Products : yabb simple_machines_smf
    • Published: Mar. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1494

    Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.... Read more

    Affected Products : megabook
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-2927

    Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows low privil... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1091

    The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted w... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-3147

    Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with n... Read more

    Affected Products : outside_in_technology
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-6362

    Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability."... Read more

    Affected Products : office
    • Published: Feb. 11, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294704 Results