Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2023-29293

    Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An admin privileged attacker could leverage this vuln... Read more

    • Published: Jun. 15, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-40455

    An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.... Read more

    Affected Products : thinksaas
    • Published: Jul. 16, 2024
    • Modified: Apr. 28, 2025

  • 2.7

    LOW
    CVE-2025-24474

    An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 22, 2025
    • Vuln Type: Injection

  • 2.7

    LOW
    CVE-2023-45809

    Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rul... Read more

    Affected Products : wagtail wagtail
    • Published: Oct. 19, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-48430

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted req... Read more

    Affected Products : sinec_ins
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-48429

    A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted reque... Read more

    Affected Products : sinec_ins
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2022-36168

    A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:... Read more

    Affected Products : wuzhicms
    • Published: Aug. 26, 2022
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-37361

    REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.... Read more

    Affected Products : redcap
    • Published: Jul. 25, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-49652

    Incorrect permission checks in Jenkins Google Compute Engine Plugin 4.550.vb_327fca_3db_11 and earlier allow attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate system-scoped credent... Read more

    Affected Products : google_compute_engine
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2024-0231

    A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits.... Read more

    Affected Products : gitlab
    • Published: Jul. 24, 2024
    • Modified: Nov. 21, 2024

  • 2.7

    LOW
    CVE-2023-6793

    An improper privilege management vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-only administrator to revoke active XML API keys from the firewall and disrupt XML API usage.... Read more

    Affected Products : pan-os prisma_access
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2005-1778

    Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.... Read more

    Affected Products : postnuke
    • Published: May. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2272

    Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vuln... Read more

    Affected Products : safari
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1790

    Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismat... Read more

    Affected Products : internet_explorer
    • Published: Jun. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1791

    Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenar... Read more

    Affected Products : ie
    • Published: May. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3649

    jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.... Read more

    Affected Products : moodle
    • Published: Nov. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1793

    User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.... Read more

    Affected Products : windows_98se
    • Published: Jun. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-1129

    Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-2476

    The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defea... Read more

    • Published: Aug. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2003-1581

    The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequenc... Read more

    Affected Products : http_server
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293673 Results