Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-5452

    IBM FileNet Business Process Framework 4.1.0 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an X... Read more

    • Published: Dec. 19, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2950

    CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authent... Read more

    Affected Products : websphere_portal
    • Published: Jun. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6743

    Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.... Read more

    Affected Products : sametime sametime_meeting_server
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3004

    Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitrary files via unspecified vectors.... Read more

    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2022-29820

    In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible... Read more

    Affected Products : pycharm
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2025-53901

    Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host (embedder). The specific bug is trig... Read more

    Affected Products : wasmtime
    • Published: Jul. 18, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2025-42978

    The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote T... Read more

    Affected Products :
    • Published: Jul. 08, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2025-42941

    SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or maliciou... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2025-47288

    Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. Thi... Read more

    Affected Products :
    • Published: May. 29, 2025
    • Modified: May. 30, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2022-38163

    A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.... Read more

    Affected Products : safe
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 3.5

    LOW
    CVE-2009-2856

    Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-dat... Read more

    • Published: Aug. 18, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2022-44718

    An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. Th... Read more

    Affected Products : ngeniusone
    • Published: Jan. 27, 2023
    • Modified: Mar. 28, 2025

  • 3.5

    LOW
    CVE-2022-45393

    A cross-site request forgery (CSRF) vulnerability in Jenkins Delete log Plugin 1.0 and earlier allows attackers to delete build logs.... Read more

    Affected Products : delete_log
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 3.5

    LOW
    CVE-2024-6446

    An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.... Read more

    Affected Products : gitlab
    • Published: Sep. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-58248

    nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.... Read more

    Affected Products : nopcommerce
    • Published: Apr. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Race Condition

  • 3.5

    LOW
    CVE-2024-57159

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html.... Read more

    Affected Products : 07flycms
    • Published: Jan. 16, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2025-1203

    The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltere... Read more

    Affected Products : slider\,_gallery\,_and_carousel
    • Published: Mar. 24, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1062

    The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered... Read more

    Affected Products : slider\,_gallery\,_and_carousel
    • Published: Mar. 24, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-6792

    The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.... Read more

    • Published: Sep. 06, 2024
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-0717

    To exploit the vulnerability, it is necessary:... Read more

    Affected Products : social_slider_widget
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
Showing 20 of 293932 Results