Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2023-50955

    IBM InfoSphere Information Server 11.7 could allow an authenticated privileged user to obtain the absolute path of the web server installation which could aid in further attacks against the system. IBM X-Force ID: 275777.... Read more

    Affected Products : infosphere_information_server
    • Published: Feb. 21, 2024
    • Modified: Dec. 10, 2024

  • 2.7

    LOW
    CVE-2021-0991

    In OnMetadataChangedListener of AdvancedBluetoothDetailsHeaderController.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Dec. 15, 2021
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-27265

    Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response. ... Read more

    Affected Products : mattermost_server mattermost
    • EPSS Score: %0.15
    • Published: Feb. 27, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-28214

    nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.... Read more

    Affected Products : ngrinder
    • Published: Mar. 07, 2024
    • Modified: May. 07, 2025

  • 2.7

    LOW
    CVE-2024-20912

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle ... Read more

    Affected Products : audit_vault_and_database_firewall
    • EPSS Score: %0.18
    • Published: Jan. 16, 2024
    • Modified: Jun. 03, 2025

  • 2.7

    LOW
    CVE-2023-5775

    The BackWPup plugin for WordPress is vulnerable to Plaintext Storage of Backup Destination Password in all versions up to, and including, 4.0.2. This is due to to the plugin improperly storing backup destination passwords in plaintext. This makes it possi... Read more

    Affected Products : backwpup
    • Published: Feb. 26, 2024
    • Modified: Feb. 05, 2025

  • 2.7

    LOW
    CVE-2024-10562

    The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Jan. 07, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2023-23549

    Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames.... Read more

    Affected Products : checkmk checkmk
    • EPSS Score: %0.05
    • Published: Nov. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-10102

    The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks... Read more

    Affected Products : robo_gallery robo_gallery
    • Published: Jan. 07, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.7

    LOW
    CVE-2023-34110

    Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this... Read more

    Affected Products : flask-appbuilder flask_app_builder
    • EPSS Score: %0.35
    • Published: Jun. 22, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2025-26698

    Incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system where using the product.... Read more

    Affected Products : revoworks_browser
    • Published: Feb. 26, 2025
    • Modified: Feb. 26, 2025
    • Vuln Type: Misconfiguration

  • 2.6

    LOW
    CVE-2007-5375

    Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that ... Read more

    Affected Products : java_virtual_machine
    • EPSS Score: %0.37
    • Published: Oct. 11, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-2975

    Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website paramet... Read more

    Affected Products : pbl_guestbook
    • EPSS Score: %0.70
    • Published: Jun. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5414

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit... Read more

    Affected Products : firefox
    • EPSS Score: %0.25
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3943

    Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %38.26
    • Published: Jul. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-5146

    Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.... Read more

    Affected Products : bokken
    • EPSS Score: %0.05
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2017-2109

    Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.... Read more

    Affected Products : kunai
    • EPSS Score: %0.26
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 2.6

    LOW
    CVE-2009-4249

    Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters... Read more

    Affected Products : cutenews
    • EPSS Score: %3.42
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-2632

    SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which... Read more

    Affected Products : b1_firmware b1 x1 x2 x86_firmware
    • EPSS Score: %0.18
    • Published: Jun. 15, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-1068

    Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obt... Read more

    Affected Products : windows_azure_sdk
    • EPSS Score: %15.95
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291401 Results