Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-2430

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1906

    Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to injec... Read more

    Affected Products : business_process_manager
    • Published: Jul. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-12683

    The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : smart_maintenance_mode
    • Published: Mar. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-53862

    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.... Read more

    Affected Products : ansible_automation_platform
    • Published: Jul. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2024-13123

    The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa... Read more

    Affected Products : advanced_form_integration
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-13122

    The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa... Read more

    Affected Products : advanced_form_integration
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-48219

    O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Iden... Read more

    Affected Products :
    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-51385

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2008-1330

    Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the ... Read more

    Affected Products : groupwise
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-13121

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ... Read more

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1452

    The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : favorites
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-0692

    The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    Affected Products : simple_video_management_system
    • Published: Feb. 13, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2008-1484

    The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate crea... Read more

    Affected Products : punbb
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2021-39163

    Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limit... Read more

    Affected Products : fedora synapse
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-39164

    Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerabil... Read more

    Affected Products : fedora synapse
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-28845

    Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members ... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-5977

    Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST re... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0093

    Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Disco... Read more

    • Published: Mar. 11, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-4861

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2641

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293961 Results