Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2024-9097

    ManageEngine Endpoint Central versions before 11.3.2440.09 are vulnerable to IDOR vulnerability which allows the attacker to change the username in the chat.... Read more

    Affected Products : manageengine_endpoint_central
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2013-1833

    Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafte... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Mar. 25, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-6190

    The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute messag... Read more

    Affected Products : unified_ip_phone
    • EPSS Score: %0.36
    • Published: Nov. 30, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-1290

    Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items... Read more

    Affected Products : sharepoint_server
    • EPSS Score: %19.29
    • Published: Apr. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1606

    Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : typo3
    • EPSS Score: %0.29
    • Published: Sep. 04, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-2108

    Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : operations_orchestration
    • EPSS Score: %0.18
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-10515

    In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor... Read more

    Affected Products : seo_plugin_by_squirrly_seo
    • Published: Nov. 20, 2024
    • Modified: Mar. 31, 2025

  • 3.5

    LOW
    CVE-2012-3476

    Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors r... Read more

    Affected Products : ushahidi_platform
    • EPSS Score: %0.16
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-27913

    The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session ... Read more

    Affected Products : mautic
    • EPSS Score: %0.09
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-24236

    An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.... Read more

    Affected Products : aria
    • EPSS Score: %0.25
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2025-25899

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2014-6150

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • EPSS Score: %0.19
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0122

    Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different v... Read more

    Affected Products : rational_team_concert
    • EPSS Score: %0.19
    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5313

    Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : movable_type movabletype
    • EPSS Score: %0.21
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-3924

    The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP ove... Read more

    Affected Products : ios
    • EPSS Score: %0.38
    • Published: Sep. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-9139

    There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seco... Read more

    • EPSS Score: %0.11
    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2021-22193

    An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.28
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2009-3648

    Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content ... Read more

    Affected Products : drupal service_links
    • EPSS Score: %0.14
    • Published: Oct. 09, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-5953

    Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-4049

    In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity sel... Read more

    Affected Products : fedora debian_linux wordpress
    • EPSS Score: %2.29
    • Published: Jun. 12, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291830 Results