Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2003-1463

    Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arb... Read more

    Affected Products : webadmin all_windows
    • EPSS Score: %5.43
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2010-3093

    The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.... Read more

    Affected Products : drupal
    • EPSS Score: %0.32
    • Published: Sep. 21, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3737

    Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while usin... Read more

    Affected Products : db2
    • EPSS Score: %0.38
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-2603

    Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obt... Read more

    Affected Products : enterprise_manager
    • EPSS Score: %0.45
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2021-39881

    In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client appl... Read more

    Affected Products : gitlab
    • EPSS Score: %0.25
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-8173

    A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.... Read more

    Affected Products : nextcloud_server
    • EPSS Score: %0.28
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-7020

    Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the ... Read more

    Affected Products : elasticsearch elasticsearch
    • EPSS Score: %0.14
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-26127

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and aff... Read more

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-26126

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and aff... Read more

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-14732

    Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 19.0. Difficult to exploit vulnerability allows low privileged atta... Read more

    • EPSS Score: %0.18
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-5539

    The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting... Read more

    Affected Products : drupal organic_groups organic_groups
    • EPSS Score: %0.19
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-1363

    The URL Shortener | Conversion Tracking | AB Testing | WooCommerce WordPress plugin through 9.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even... Read more

    • Published: Mar. 09, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-47700

    Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2024-13314

    The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm... Read more

    • Published: Feb. 21, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2023-23934

    Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cook... Read more

    Affected Products : werkzeug
    • EPSS Score: %0.27
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-50458

    In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.... Read more

    Affected Products : dradis
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2014-2467

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.15
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-0577

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect availability via unknown vectors related to Core... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.74
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-2933

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • EPSS Score: %0.13
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-3836

    Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.14
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291781 Results