Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-2214

    proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests... Read more

    Affected Products : pidgin
    • EPSS Score: %0.54
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1548

    Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.... Read more

    • EPSS Score: %0.58
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0117

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012... Read more

    Affected Products : mysql
    • EPSS Score: %0.37
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2149

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-1987

    Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory... Read more

    • EPSS Score: %0.74
    • Published: May. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1511

    Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    Affected Products : mysql mariadb solaris
    • EPSS Score: %0.57
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-55455

    DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2021-42700

    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.... Read more

    Affected Products : inkscape
    • EPSS Score: %0.35
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-37438

    In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown ... Read more

    Affected Products : splunk splunk_cloud_platform
    • EPSS Score: %0.28
    • Published: Aug. 16, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-3624

    A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to app... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.02
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-2933

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • EPSS Score: %0.13
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-0544

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core, a... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.36
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2005-4189

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting eve... Read more

    Affected Products : kronolith_h3
    • EPSS Score: %1.12
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2015-4358

    Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via ve... Read more

    Affected Products : ubercart_discount_coupons
    • EPSS Score: %0.15
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-1969

    Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLink... Read more

    Affected Products : cezanne
    • EPSS Score: %0.31
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-3652

    Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbi... Read more

    Affected Products : drupal organic_groups
    • EPSS Score: %0.27
    • Published: Oct. 09, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-2698

    Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOT... Read more

    Affected Products : community_software
    • EPSS Score: %0.14
    • Published: Jul. 12, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-2730

    HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUAWEI Tech Support APP (for IOS) versions earlier before 5.0.0 have an information leak vulnerability. When an iPhone with these APPs installed access the Wi-Fi hotpot built by attacker, ... Read more

    Affected Products : iphone_os hilink tech_support
    • EPSS Score: %0.04
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2012-4270

    Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.... Read more

    Affected Products : efront
    • EPSS Score: %0.18
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3874

    Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details... Read more

    Affected Products : vanilla
    • EPSS Score: %0.34
    • Published: Aug. 29, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291638 Results