Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-46546

    In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx,... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2025-47700

    Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2025-24429

    Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass allowing read only access. A low-privileged attacker could le... Read more

    Affected Products : magento commerce magento commerce_b2b
    • Published: Feb. 11, 2025
    • Modified: Apr. 16, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2013-1503

    Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.14
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2364

    Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : system_management_homepage
    • EPSS Score: %0.19
    • Published: Jul. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4895

    Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.... Read more

    • EPSS Score: %0.54
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4737

    Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.... Read more

    Affected Products : ubuntu_linux debian_linux mysql solaris
    • EPSS Score: %0.24
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-42208

    HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.... Read more

    Affected Products : connections
    • Published: Apr. 04, 2025
    • Modified: Apr. 07, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2013-2040

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-42209

    HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper handling of request data.... Read more

    Affected Products : connections
    • Published: Jul. 17, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2013-1833

    Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafte... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Mar. 25, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-20761

    Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.... Read more

    Affected Products : garoon
    • EPSS Score: %0.15
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-1290

    Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items... Read more

    Affected Products : sharepoint_server
    • EPSS Score: %19.29
    • Published: Apr. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-6161

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : tivoli_netcool\/impact
    • EPSS Score: %0.19
    • Published: Nov. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4422

    wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to ... Read more

    Affected Products : wordpress
    • EPSS Score: %0.31
    • Published: Sep. 14, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-6237

    Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : news_pack
    • EPSS Score: %0.21
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4803

    CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote au... Read more

    Affected Products : curam_social_program_management
    • EPSS Score: %0.14
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4836

    Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.19
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4771

    IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.... Read more

    Affected Products : websphere_mq
    • EPSS Score: %0.35
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4838

    Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbit... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.19
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292725 Results