Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2020-25638

    A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allo... Read more

    • Published: Dec. 02, 2020
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2024-36390

    MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service... Read more

    Affected Products : ubuntu_linux devicehub
    • Published: Jun. 02, 2024
    • Modified: Apr. 23, 2025

  • 6.4

    MEDIUM
    CVE-2024-5520

    Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel, can execute malicious JavaScript code, aft... Read more

    Affected Products : opencms
    • Published: May. 30, 2024
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-45596

    A CWE-425 “Direct Request ('Forced Browsing')” vulnerability in the “file_configuration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below ... Read more

    Affected Products : imx6
    • Published: Mar. 05, 2024
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-38366

    IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files... Read more

    Affected Products : filenet_content_manager
    • Published: Mar. 01, 2024
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2023-50324

    IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038.... Read more

    Affected Products : cognos_command_center
    • Published: Mar. 01, 2024
    • Modified: Apr. 23, 2025

  • 6.5

    MEDIUM
    CVE-2023-50312

    IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711.... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 01, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2023-25836

    There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the... Read more

    Affected Products : portal_for_arcgis
    • Published: Jul. 21, 2023
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-25831

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s br... Read more

    Affected Products : portal_for_arcgis
    • Published: May. 09, 2023
    • Modified: Apr. 23, 2025

  • 5.3

    MEDIUM
    CVE-2024-3893

    The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0... Read more

    • Published: Apr. 25, 2024
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2023-25830

    There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1and before which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s b... Read more

    Affected Products : portal_for_arcgis
    • Published: May. 09, 2023
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2024-25905

    Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18. ... Read more

    Affected Products : multi_step_form
    • Published: Feb. 21, 2024
    • Modified: Apr. 23, 2025

  • 7.2

    HIGH
    CVE-2024-34780

    SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... Read more

    Affected Products : endpoint_manager
    • Published: Nov. 13, 2024
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2022-45217

    A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module.... Read more

    Affected Products : book_store_management_system
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 6.1

    MEDIUM
    CVE-2022-45122

    Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type 6.8.7 and earlier (Movable Type 6 Series), Movable Type... Read more

    Affected Products : movable_type
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 7.5

    HIGH
    CVE-2022-43468

    External initialization of trusted variables or data stores vulnerability exists in WordPress Popular Posts 6.0.5 and earlier, therefore the vulnerable product accepts untrusted external inputs to update certain internal variables. As a result, the number... Read more

    Affected Products : wordpress_popular_posts
    • Published: Dec. 07, 2022
    • Modified: Apr. 23, 2025

  • 5.5

    MEDIUM
    CVE-2022-42782

    In wlan driver, there is a possible missing permission check, This could lead to local information disclosure.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 23, 2025

  • 5.5

    MEDIUM
    CVE-2022-42781

    In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.... Read more

    Affected Products : android sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 t618 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 23, 2025

  • 5.5

    MEDIUM
    CVE-2022-42780

    In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.... Read more

    Affected Products : android sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 t618 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 23, 2025

  • 5.5

    MEDIUM
    CVE-2022-42779

    In wlan driver, there is a possible missing bounds check, This could lead to local denial of service in wlan services.... Read more

    Affected Products : android sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 t618 +4 more products
    • Published: Dec. 06, 2022
    • Modified: Apr. 23, 2025
Showing 20 of 293602 Results