Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-5659

    PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : pam_extern
    • EPSS Score: %0.06
    • Published: Nov. 03, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-4493

    Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or... Read more

    Affected Products : drupal better_revisions
    • EPSS Score: %0.20
    • Published: Nov. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0289

    Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.... Read more

    Affected Products : signaturedb
    • EPSS Score: %0.06
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-46729

    julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v_20230807 and prior to v_20250511, cross-site scripting... Read more

    Affected Products :
    • Published: May. 12, 2025
    • Modified: May. 12, 2025

  • 2.1

    LOW
    CVE-2013-1783

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspe... Read more

    Affected Products : drupal business
    • EPSS Score: %0.35
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0321

    Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application.... Read more

    Affected Products : internet_security
    • EPSS Score: %0.06
    • Published: Mar. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.0

    LOW
    CVE-2024-52286

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing an... Read more

    Affected Products : stirling_pdf
    • Published: Nov. 11, 2024
    • Modified: Jan. 09, 2025

  • 2.0

    LOW
    CVE-2025-2864

    SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Mar. 28, 2025

  • 2.0

    LOW
    CVE-2025-2920

    A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical dev... Read more

    Affected Products :
    • Published: Mar. 28, 2025
    • Modified: Apr. 01, 2025

  • 2.0

    LOW
    CVE-2024-53262

    SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered... Read more

    Affected Products : sveltekit
    • Published: Nov. 25, 2024
    • Modified: Nov. 25, 2024

  • 2.0

    LOW
    CVE-2025-4599

    The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 04, 2025
    • Modified: Aug. 05, 2025

  • 2.0

    LOW
    CVE-2024-21209

    Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network acces... Read more

    Affected Products : mysql mysql_client
    • Published: Oct. 15, 2024
    • Modified: Mar. 13, 2025

  • 2.0

    LOW
    CVE-2025-40632

    Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered.... Read more

    Affected Products :
    • Published: May. 16, 2025
    • Modified: May. 16, 2025

  • 2.0

    LOW
    CVE-2024-53274

    Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacke... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 2.0

    LOW
    CVE-2022-27049

    Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.... Read more

    Affected Products : raidrive
    • EPSS Score: %0.14
    • Published: Mar. 31, 2022
    • Modified: Nov. 21, 2024

  • 2.0

    LOW
    CVE-2025-47820

    Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025

  • 2.0

    LOW
    CVE-2025-47824

    Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.... Read more

    Affected Products :
    • Published: Jun. 27, 2025
    • Modified: Jun. 30, 2025

  • 2.0

    LOW
    CVE-2024-50406

    A cross-site scripting (XSS) vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed ... Read more

    Affected Products :
    • Published: Jun. 06, 2025
    • Modified: Jun. 09, 2025

  • 2.0

    LOW
    CVE-2025-4655

    SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 G... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 09, 2025
    • Modified: Aug. 11, 2025

  • 2.0

    LOW
    CVE-2025-0253

    HCL IEM is affected by a cookie attribute not set vulnerability due to inconsistency of certain security-related configurations which could increase exposure to potential vulnerabilities.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
Showing 20 of 291153 Results