Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2020-11044

    In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.... Read more

    Affected Products : ubuntu_linux debian_linux freerdp
    • EPSS Score: %0.09
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-6421

    Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.... Read more

    Affected Products : http_server
    • EPSS Score: %3.77
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-4235

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.44
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-11526

    libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.... Read more

    Affected Products : ubuntu_linux debian_linux leap freerdp
    • EPSS Score: %0.21
    • Published: May. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2011-0904

    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a de... Read more

    Affected Products : vino
    • EPSS Score: %1.02
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4739

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Help screens.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.15
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2023-3511

    An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge req... Read more

    Affected Products : gitlab
    • EPSS Score: %0.02
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-47259

    Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files to the Axis device with t... Read more

    Affected Products : axis_os
    • Published: Mar. 04, 2025
    • Modified: Mar. 04, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2023-23934

    Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cook... Read more

    Affected Products : werkzeug
    • EPSS Score: %0.27
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-50458

    In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.... Read more

    Affected Products : dradis
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-53862

    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.... Read more

    Affected Products : ansible_automation_platform
    • Published: Jul. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2015-4892

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4917.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.15
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3933

    Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.... Read more

    Affected Products : addressfield_tokens
    • EPSS Score: %0.20
    • Published: Jun. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3362

    Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : video
    • EPSS Score: %0.20
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0894

    RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.... Read more

    Affected Products : algo_credit_limits algorithmics
    • EPSS Score: %10.74
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7978

    Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.... Read more

    Affected Products : bluemasters
    • EPSS Score: %0.23
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7979

    Cross-site scripting (XSS) vulnerability in the SimpleCorp theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.... Read more

    Affected Products : simplecorp
    • EPSS Score: %0.23
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0832

    Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted t... Read more

    Affected Products : financial_transaction_manager
    • EPSS Score: %0.17
    • Published: Feb. 01, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0925

    Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.... Read more

    Affected Products : sterling_control_center
    • EPSS Score: %0.14
    • Published: May. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5452

    IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an X... Read more

    • EPSS Score: %0.30
    • Published: Dec. 19, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291672 Results