Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-26865

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.   It's a regression between 18.12.17 and 18.12.18. In case you use something like that, ... Read more

    Affected Products : ofbiz
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025

  • 3.5

    LOW
    CVE-2007-4412

    Multiple cross-site scripting (XSS) vulnerabilities in Headstart Solutions DeskPRO 3.0.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters to (1) techs.php, (2) ticket_category.php, (3) ticket_priority.php,... Read more

    Affected Products : deskpro
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-55416

    DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.... Read more

    Affected Products : voyager
    • Published: Jan. 30, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2019-10155

    The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value ... Read more

    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-2734

    Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege w... Read more

    Affected Products : database database_server
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-32007

    This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers.... Read more

    Affected Products : gatemanager
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 3.5

    LOW
    CVE-2021-2335

    Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Creat... Read more

    Affected Products : database database_server
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-25075

    The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and chang... Read more

    Affected Products : duplicate_page_or_post
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-2383

    An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middl... Read more

    Affected Products : itunes icloud
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2007-2683

    Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.... Read more

    Affected Products : mutt
    • Published: May. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2021-31224

    SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.... Read more

    Affected Products : endpoint_security
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-25688

    A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacke... Read more

    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-6317

    In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and ca... Read more

    Affected Products : adaptive_server_enterprise
    • Published: Nov. 30, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-43755

    Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and aff... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 15, 2025

  • 3.5

    LOW
    CVE-2014-8743

    Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.... Read more

    Affected Products : maestro maestro
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9017

    Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.... Read more

    Affected Products : openkm
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4065

    Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain direct access to a (1) Cloud Controller or (2) Walrus serv... Read more

    Affected Products : eucalyptus
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-4654

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.... Read more

    Affected Products : instantcms icms2
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-0913

    Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : easyctf
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-0533

    Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Apr. 28, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293414 Results