Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2024-10710

    The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (... Read more

    Affected Products : yadisk_files
    • Published: Nov. 25, 2024
    • Modified: May. 15, 2025

  • 3.5

    LOW
    CVE-2022-46168

    Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, recipients of a group SMTP email could see the email addresses of all other users inside ... Read more

    Affected Products : discourse
    • EPSS Score: %0.08
    • Published: Jan. 05, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-1979

    A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.... Read more

    Affected Products : build_of_quarkus
    • Published: Mar. 13, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-5402

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utili... Read more

    • EPSS Score: %0.18
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3544

    Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Sky... Read more

    Affected Products : moodle
    • EPSS Score: %0.96
    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2021-26988

    Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Vi... Read more

    Affected Products : data_ontap clustered_data_ontap
    • EPSS Score: %0.14
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-2260

    Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.... Read more

    Affected Products : ajenti
    • EPSS Score: %0.22
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-18464

    Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.... Read more

    Affected Products : aikcms
    • EPSS Score: %0.08
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-47799

    Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information o... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 3.5

    LOW
    CVE-2013-6446

    The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.... Read more

    Affected Products : cdh
    • EPSS Score: %0.21
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2021-39220

    Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images... Read more

    Affected Products : nextcloud_server mail notes
    • EPSS Score: %0.26
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-29066

    The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.... Read more

    • EPSS Score: %0.04
    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-3487

    Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploi... Read more

    Affected Products : flexcube_investor_servicing
    • EPSS Score: %0.25
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-3490

    Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vu... Read more

    • EPSS Score: %0.25
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2013-2403

    Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability th... Read more

    Affected Products : siebel_crm
    • EPSS Score: %0.14
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4536

    EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading thi... Read more

    Affected Products : documentum_content_server
    • EPSS Score: %0.20
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-3648

    Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a module for Drupal, allows remote authenticated users, with 'administer content types' permissions, to inject arbitrary web script or HTML via unspecified vectors when displaying content ... Read more

    Affected Products : drupal service_links
    • EPSS Score: %0.14
    • Published: Oct. 09, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-4807

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.... Read more

    Affected Products : fedora leap mysql mariadb opensuse solaris
    • EPSS Score: %0.62
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-2683

    Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.... Read more

    Affected Products : mutt
    • EPSS Score: %0.13
    • Published: May. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2017-3603

    Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privil... Read more

    Affected Products : webcenter_sites
    • EPSS Score: %0.23
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291804 Results