Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-2329

    Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a moni... Read more

    Affected Products : check_mk
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3551

    Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary w... Read more

    Affected Products : moodle
    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2559

    Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.... Read more

    Affected Products : debian_linux drupal
    • Published: Mar. 25, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0347

    The Settings module in Websense Triton Unified Security Center 7.7.3 before Hotfix 31, Web Filter 7.7.3 before Hotfix 31, Web Security 7.7.3 before Hotfix 31, Web Security Gateway 7.7.3 before Hotfix 31, and Web Security Gateway Anywhere 7.7.3 before Hotf... Read more

    • Published: Apr. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6808

    Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : spotlight
    • Published: Sep. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1807

    Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.... Read more

    Affected Products : openshift jenkins jenkins
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7548

    OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a c... Read more

    Affected Products : nova compute
    • Published: Jan. 12, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8960

    Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted fi... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-3782

    MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.... Read more

    Affected Products : community_server
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2021-1996

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network ac... Read more

    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-47526

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script execu... Read more

    Affected Products : librenms
    • Published: Oct. 01, 2024
    • Modified: Dec. 19, 2024

  • 3.5

    LOW
    CVE-2021-25075

    The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and chang... Read more

    Affected Products : duplicate_page_or_post
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-5190

    NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.... Read more

    Affected Products : access_manager
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2007-2683

    Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.... Read more

    Affected Products : mutt
    • Published: May. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-6303

    MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SE... Read more

    Affected Products : mysql mysql
    • Published: Dec. 10, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2022-29820

    In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible... Read more

    Affected Products : pycharm
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-23056

    In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.... Read more

    Affected Products : erpnext erpnext
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-6539

    The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can... Read more

    Affected Products : trackr_firmware trackr
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-5473

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than ... Read more

    • Published: Jul. 21, 2016
    • Modified: May. 08, 2025

  • 3.5

    LOW
    CVE-2025-49462

    Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.... Read more

    Affected Products : zoom
    • Published: Jul. 10, 2025
    • Modified: Aug. 05, 2025
    • Vuln Type: Information Disclosure
Showing 20 of 293625 Results