Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2022-46498

    Hospital Management System 1.0 was discovered to contain a SQL injection vulnerability via the doc_number parameter at his_admin_view_single_employee.php.... Read more

    • Published: Mar. 07, 2024
    • Modified: Mar. 28, 2025

  • 2.7

    LOW
    CVE-2023-21882

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protoco... Read more

    Affected Products : mysql mysql_server
    • EPSS Score: %0.06
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2013-5875

    Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect integrity and availability via vectors related to Role Based Access Control (RBAC).... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.10
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.7

    LOW
    CVE-2022-21432

    Vulnerability in the Oracle Database - Enterprise Edition RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA role ... Read more

    Affected Products : database text
    • EPSS Score: %0.08
    • Published: Jul. 19, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-35931

    Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the valida... Read more

    Affected Products : nextcloud_server notes password_policy
    • EPSS Score: %0.04
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2006-6607

    The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing th... Read more

    Affected Products : tivoli_identity_manager
    • EPSS Score: %0.13
    • Published: Dec. 18, 2006
    • Modified: Apr. 09, 2025

  • 2.7

    LOW
    CVE-2023-5775

    The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possi... Read more

    Affected Products : backwpup
    • Published: Feb. 26, 2024
    • Modified: Feb. 05, 2025

  • 2.7

    LOW
    CVE-2022-2556

    The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it c... Read more

    Affected Products : mailchimp_for_woocommerce
    • EPSS Score: %0.09
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-36168

    A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:... Read more

    Affected Products : wuzhicms
    • EPSS Score: %0.45
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-10102

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : robo_gallery robo_gallery
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2024-10562

    The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Jan. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2022-3710

    A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.... Read more

    • EPSS Score: %0.22
    • Published: Dec. 01, 2022
    • Modified: Apr. 23, 2025

  • 2.7

    LOW
    CVE-2024-10672

    The Multiple Page Generator Plugin – MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it po... Read more

    Affected Products : multiple_page_generator
    • Published: Nov. 12, 2024
    • Modified: Nov. 14, 2024

  • 2.7

    LOW
    CVE-2022-34452

    PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. ... Read more

    Affected Products : powerpath_management_appliance
    • EPSS Score: %0.16
    • Published: Feb. 10, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2009-3406

    Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • EPSS Score: %0.42
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.7

    LOW
    CVE-2024-20905

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with ... Read more

    Affected Products : jd_edwards_enterpriseone_tools
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 2.7

    LOW
    CVE-2023-48303

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details... Read more

    Affected Products : nextcloud_server notes
    • EPSS Score: %0.19
    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-7038

    An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides diff... Read more

    Affected Products : open_webui
    • Published: Oct. 09, 2024
    • Modified: Nov. 03, 2024

  • 2.7

    LOW
    CVE-2024-28214

    nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 2.7

    LOW
    CVE-2024-32882

    Wagtail is an open source content management system built on Django. In affected versions if a model has been made available for editing through the `wagtail.contrib.settings` module or `ModelViewSet`, and the `permission` argument on `FieldPanel` has bee... Read more

    Affected Products : wagtail wagtail
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 291312 Results