Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-0933

    Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.... Read more

    Affected Products : sharelatex
    • EPSS Score: %0.42
    • Published: Mar. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2019-10209

    Postgresql, versions 11.x before 11.5, is vulnerable to a memory disclosure in cross-type comparison for hashed subplan.... Read more

    Affected Products : postgresql
    • EPSS Score: %0.44
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-0379

    IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights.... Read more

    Affected Products : websphere_mq
    • EPSS Score: %0.32
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2273

    Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-0904

    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a de... Read more

    Affected Products : vino
    • EPSS Score: %1.02
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4558

    The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a deni... Read more

    Affected Products : subversion mod_dav_svn
    • EPSS Score: %1.78
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-5461

    Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request th... Read more

    Affected Products : tomcat
    • EPSS Score: %7.17
    • Published: Oct. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-0814

    The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messag... Read more

    Affected Products : openssh
    • EPSS Score: %0.60
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3268

    Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing ... Read more

    • EPSS Score: %1.34
    • Published: Feb. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-1879

    Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.23
    • Published: Feb. 20, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-9739

    Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.... Read more

    Affected Products : node_field
    • EPSS Score: %0.16
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2760

    Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : data_loss_prevention_endpoint
    • EPSS Score: %0.18
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-43755

    Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and aff... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 15, 2025

  • 3.5

    LOW
    CVE-2007-0275

    Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 1... Read more

    • EPSS Score: %0.85
    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-3004

    Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.... Read more

    • EPSS Score: %0.14
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-5200

    Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecif... Read more

    • EPSS Score: %0.19
    • Published: Mar. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0364

    Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.... Read more

    Affected Products : siebel_crm
    • EPSS Score: %0.42
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-11924

    The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un... Read more

    Affected Products : icegram_express
    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1525

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 30, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1523

    The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall... Read more

    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 292099 Results