Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2016-8651

    An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of an... Read more

    • EPSS Score: %0.24
    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-8016

    Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.... Read more

    Affected Products : virusscan_enterprise
    • EPSS Score: %9.83
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2014-0134

    The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwrit... Read more

    Affected Products : nova compute
    • EPSS Score: %0.20
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-5930

    The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.... Read more

    Affected Products : leap postfixadmin
    • EPSS Score: %39.86
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-4914

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener.... Read more

    Affected Products : http_server fusion_middleware
    • EPSS Score: %0.14
    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4741

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Dialog popup.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.15
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-28838

    Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.... Read more

    Affected Products : opencart
    • EPSS Score: %0.10
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-23557

    HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. ... Read more

    Affected Products : connections
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-3920

    The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : flattr
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 3.5

    LOW
    CVE-2024-32236

    An issue in CmsEasy v.7.7 and before allows a remote attacker to obtain sensitive information via the update function in the index.php component.... Read more

    Affected Products : cmseasy
    • Published: Apr. 25, 2024
    • Modified: Apr. 14, 2025

  • 3.5

    LOW
    CVE-2024-2220

    The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : call_\/_chat_\/_contact_button
    • Published: May. 23, 2024
    • Modified: May. 15, 2025

  • 3.5

    LOW
    CVE-2014-5169

    Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.... Read more

    Affected Products : date
    • EPSS Score: %0.21
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5338

    Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_ico... Read more

    Affected Products : check_mk
    • EPSS Score: %0.29
    • Published: Aug. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2567

    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.... Read more

    • EPSS Score: %0.84
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1988

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2... Read more

    • EPSS Score: %0.17
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5793

    Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786.... Read more

    Affected Products : mysql
    • EPSS Score: %0.55
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5797

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integri... Read more

    Affected Products : jdk jre jrockit jre jdk javafx
    • EPSS Score: %0.34
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2430

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.... Read more

    • EPSS Score: %0.90
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2438

    Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.... Read more

    • EPSS Score: %1.19
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5001

    Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.18
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291782 Results