Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2024-29181

    Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list ... Read more

    Affected Products : strapi
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2008-5757

    Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these detail... Read more

    Affected Products : textpattern
    • Published: Dec. 30, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-3514

    The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : sureforms
    • Published: May. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2020-25688

    A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were incorrectly provisioned using a test certificate from the source repository. This would result in all installations using the same certificates. If an attacke... Read more

    • Published: Nov. 23, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-6317

    In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and ca... Read more

    Affected Products : adaptive_server_enterprise
    • Published: Nov. 30, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-6100

    Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1... Read more

    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-1108

    Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vect... Read more

    Affected Products : drupal controlpanel
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-6173

    Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : business_process_manager
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-4429

    Unspecified vulnerability in the Agile Core component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Client, a different vulnerability than CVE-2010-3505.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-42792

    A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.... Read more

    Affected Products : music_management_system
    • Published: Aug. 26, 2024
    • Modified: Sep. 05, 2024

  • 3.5

    LOW
    CVE-2025-47288

    Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. Thi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-46546

    In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx,... Read more

    Affected Products :
    • Published: Apr. 25, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 3.5

    LOW
    CVE-2025-55523

    An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Path Traversal

  • 3.5

    LOW
    CVE-2025-51383

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-49000

    InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticate... Read more

    Affected Products : inventree
    • Published: Jun. 03, 2025
    • Modified: Jun. 04, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2014-4955

    Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-2603

    Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak in disconnected agents' config.xml API. This could leak sensitive data such as API tokens (SECURITY-362).... Read more

    Affected Products : jenkins
    • Published: May. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-6323

    Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenti... Read more

    • Published: May. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1417

    do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that trigger... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4055

    Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051.... Read more

    Affected Products : lotus_domino
    • Published: Nov. 08, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293407 Results