Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-55455

    DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.... Read more

    Affected Products : dootask
    • Published: Aug. 22, 2025
    • Modified: Sep. 12, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2012-3149

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4113

    Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors.... Read more

    Affected Products : advanced_webhost_billing_system
    • Published: Jul. 31, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-3445

    The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set ... Read more

    Affected Products : libvirt
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4927

    axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.... Read more

    Affected Products : 207w_network_camera
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2023-49578

    SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integr... Read more

    Affected Products : cloud_connector
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-3511

    An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge req... Read more

    Affected Products : gitlab
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-1947

    Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbi... Read more

    Affected Products : firebug
    • Published: Apr. 11, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-2381

    Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.... Read more

    Affected Products : mysql
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4280

    The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application cra... Read more

    • Published: Aug. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-1467

    Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, Cal... Read more

    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2019-1010310

    GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tool... Read more

    Affected Products : glpi
    • Published: Jul. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-5096

    Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.... Read more

    Affected Products : ubuntu_linux mysql mariadb
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3474

    Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to in... Read more

    Affected Products : opensuse horizon horizon
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6039

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Micros... Read more

    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-6145

    Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: Jul. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-4346

    Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.... Read more

    Affected Products : enterprise_linux satellite
    • Published: Dec. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-4237

    Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the req parameter to login.php, and allow remote authenticated users to inject arbitrary web script or HTML ... Read more

    Affected Products : testlink testlink
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-6196

    Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : autonomy_ultraseek
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4914

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener.... Read more

    Affected Products : http_server fusion_middleware
    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294128 Results