Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2010-1810

    FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Sep. 09, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5811

    Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authentic... Read more

    Affected Products : industry_applications
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-2535

    Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.... Read more

    Affected Products : joomla\!
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0944

    The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.... Read more

    Affected Products : avamar
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6964

    Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.... Read more

    Affected Products : webex_meeting_center
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3069

    Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_a... Read more

    Affected Products : wndr4700_firmware wndr4700
    • Published: Apr. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-2603

    Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obt... Read more

    Affected Products : enterprise_manager
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4977

    Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter.... Read more

    • Published: Sep. 19, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0871

    The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of serv... Read more

    Affected Products : asterisk open_source
    • Published: Mar. 11, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2023-22329

    Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2008-6229

    Cross-site scripting (XSS) vulnerability in the administrative interface in Drupal Content Construction Kit (CCK) 5.x before 5.x-1.10 and 6.x before 6.x-2.0, a module for Drupal, allows remote authenticated users with "administer content" permissions to i... Read more

    Affected Products : content_construction_kit
    • Published: Feb. 20, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-0544

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core, a... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2018-2767

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privi... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2008-1969

    Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLink... Read more

    Affected Products : cezanne
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-12769

    The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ... Read more

    Affected Products : simple_banner
    • Published: Mar. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2023-30565

    An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.... Read more

    Affected Products : guardrails_cqi_reporter
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-3613

    Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. ... Read more

    Affected Products : mattermost_server
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-18436

    cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-10554

    The WordPress WP-Advanced-Search WordPress plugin before 3.3.9.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabilit... Read more

    Affected Products : wp-advanced-search
    • Published: Mar. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2022-3343

    The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to infla... Read more

    Affected Products : discy wpqa_builder himer
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025
Showing 20 of 293566 Results