Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-3635

    A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.... Read more

    Affected Products : moodle
    • Published: Apr. 25, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2006-6514

    Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of t... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-6821

    myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified... Read more

    Affected Products : enews
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-1567

    Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.... Read more

    Affected Products : mysql
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-6775

    acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.... Read more

    Affected Products : acftp
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2023-43295

    Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request.... Read more

    Affected Products : passwordstate
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2006-6512

    Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter.... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2004-2728

    Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.... Read more

    Affected Products : connectivity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2008-1969

    Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLink... Read more

    Affected Products : cezanne
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-1244

    Cross-site scripting (XSS) vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199.... Read more

    Affected Products : webex_social
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-24586

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when anothe... Read more

    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-5200

    Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecif... Read more

    • Published: Mar. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2165

    IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, when ClearQuest Authentication is enabled, allows remote authenticated users to read password hashes via a user query.... Read more

    Affected Products : rational_clearquest
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5339

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 25, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-23557

    HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack. ... Read more

    Affected Products : connections
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2011-0904

    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a de... Read more

    Affected Products : vino
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-11044

    In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.... Read more

    Affected Products : ubuntu_linux debian_linux freerdp
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-5942

    Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks... Read more

    • Published: Mar. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0814

    The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messag... Read more

    Affected Products : openssh
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2340

    The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified... Read more

    Affected Products : drupal contact_forms
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294846 Results