Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2024-26476

    An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.... Read more

    Affected Products : openemr mpdf
    • Published: Feb. 28, 2024
    • Modified: May. 13, 2025

  • 3.5

    LOW
    CVE-2025-25899

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2014-5420

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors.... Read more

    Affected Products : pyxis_supplystation
    • EPSS Score: %0.21
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4954

    The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.... Read more

    Affected Products : vanilla_forums vanilla
    • EPSS Score: %0.32
    • Published: Nov. 15, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-33031

    In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-manageme... Read more

    Affected Products : labcup
    • EPSS Score: %0.14
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-5508

    Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other inte... Read more

    Affected Products : srvx
    • EPSS Score: %0.43
    • Published: Sep. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-5509

    Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows l... Read more

    Affected Products : flexcube_investor_servicing
    • EPSS Score: %0.25
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2024-3920

    The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : flattr
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 3.5

    LOW
    CVE-2024-44918

    A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.... Read more

    Affected Products : seacms
    • Published: Aug. 30, 2024
    • Modified: Mar. 28, 2025

  • 3.5

    LOW
    CVE-2024-2220

    The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe... Read more

    Affected Products : call_\/_chat_\/_contact_button
    • Published: May. 23, 2024
    • Modified: May. 15, 2025

  • 3.5

    LOW
    CVE-2023-45715

    The console may experience a service interruption when processing file names with invalid characters. ... Read more

    Affected Products : bigfix_platform
    • Published: Mar. 28, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-39061

    Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.... Read more

    Affected Products : chamilo_lms chamilo
    • EPSS Score: %1.04
    • Published: Aug. 21, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2025-42978

    The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote T... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2025-42941

    SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or maliciou... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2025-46546

    In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx,... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2025-47288

    Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. Thi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-4227

    An improper access control vulnerability in the Endpoint Traffic Policy Enforcement https://docs.paloaltonetworks.com/globalprotect/6-0/globalprotect-app-new-features/new-features-released-in-gp-app/endpoint-traffic-policy-enforcement feature of the Pal... Read more

    Affected Products : globalprotect globalprotect_app
    • Published: Jun. 13, 2025
    • Modified: Jun. 27, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2011-1401

    ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style... Read more

    Affected Products : ikiwiki
    • EPSS Score: %0.38
    • Published: Apr. 11, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-0093

    Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Disco... Read more

    • EPSS Score: %51.11
    • Published: Mar. 11, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0481

    Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.23
    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 292750 Results