Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2025-53839

    DRACOON is a file sharing service, and the DRACOON Branding Service allows customers to customize their DRACOON interface with their brand. Versions of the DRACOON Branding Service prior to 2.10.0 are vulnerable to cross-site scripting. Improper neutraliz... Read more

    Affected Products :
    • Published: Jul. 15, 2025
    • Modified: Jul. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.0

    MEDIUM
    CVE-2012-3154

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2014-6074

    IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.... Read more

    Affected Products : urbancode_deploy
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2013-1973

    The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain s... Read more

    Affected Products : autocomplete_widgets
    • Published: Jun. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2011-3514

    Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET).... Read more

    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2008-6830

    The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Inter... Read more

    Affected Products : web_interface
    • Published: Jun. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2015-5443

    HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : 3par_service_processor_sp
    • Published: Oct. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2007-3604

    vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php.... Read more

    Affected Products : vtiger_crm
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2007-3839

    Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program... Read more

    Affected Products : dr
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2011-4305

    message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing.... Read more

    Affected Products : moodle
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2010-4835

    Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 Members Edition allows remote authenticated users to read arbitrary files via directory traversal sequences in the controller parameter in a show_report action.... Read more

    Affected Products : aims
    • Published: Sep. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2013-4432

    Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed ... Read more

    Affected Products : mahara
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2024-30124

    HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously.... Read more

    Affected Products : sametime
    • Published: Oct. 23, 2024
    • Modified: Oct. 29, 2024

  • 4.0

    MEDIUM
    CVE-2018-1568

    IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.... Read more

    • Published: Dec. 05, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2013-1451

    Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote ... Read more

    Affected Products : internet_explorer
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.0

    MEDIUM
    CVE-2015-0462

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.0

    MEDIUM
    CVE-2025-48432

    An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may lead t... Read more

    Affected Products : django
    • Published: Jun. 05, 2025
    • Modified: Jun. 10, 2025
    • Vuln Type: Information Disclosure

  • 4.0

    MEDIUM
    CVE-2023-21469

    Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2023-21470

    Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Authorization

  • 4.0

    MEDIUM
    CVE-2025-54142

    Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if the origin serv... Read more

    Affected Products : akamaighost
    • Published: Aug. 29, 2025
    • Modified: Aug. 29, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293602 Results