Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-1623

    The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2008-1484

    The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate crea... Read more

    Affected Products : punbb
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-23073

    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki’s GlobalBlocking Ext... Read more

    Affected Products :
    • Published: Jan. 14, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-3777

    Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through U... Read more

    Affected Products : transformers
    • Published: Jul. 07, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2017-5930

    The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.... Read more

    Affected Products : leap postfixadmin
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2003-1463

    Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arb... Read more

    Affected Products : webadmin all_windows
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2023-23934

    Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cook... Read more

    Affected Products : werkzeug
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2003-1570

    The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations ... Read more

    Affected Products : tivoli_storage_manager
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2021-2336

    Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Creat... Read more

    Affected Products : database database_server
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-28845

    Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members ... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4986

    Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name ... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0385

    Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.... Read more

    Affected Products : mysql
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-2539

    Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the clea... Read more

    Affected Products : easerver
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2013-4340

    wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.... Read more

    Affected Products : wordpress
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3810

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.... Read more

    Affected Products : mysql
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2438

    Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2430

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5797

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integri... Read more

    Affected Products : jdk jre jrockit jre jdk javafx
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-9475

    Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbitrary web script or HTML via a wikitext message.... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0407

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 294516 Results