Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-7333

    The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : aloha_guide
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-0262

    SAP WebIntelligence BILaunchPad, versions 4.10, 4.20, does not sufficiently encode user-controlled inputs in generated HTML reports, resulting in Cross-Site Scripting (XSS) vulnerability.... Read more

    Affected Products : businessobjects_bi_platform
    • Published: Feb. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7441

    The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : pakan_ken_tube
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-10396

    Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions.... Read more

    Affected Products : dashboard_view
    • Published: Sep. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-12903

    In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title ... Read more

    Affected Products : endpoint_privilege_manager
    • Published: Jun. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1363

    IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading t... Read more

    Affected Products : jazz_reporting_service
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-11368

    Stored XSS was discovered in AUO Solar Data Recorder before 1.3.0 via the protect/config.htm addr parameter.... Read more

    Affected Products : solar_data_recorder
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7508

    The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : help_for_doc
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2018-1395

    IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... Read more

    Affected Products : rational_quality_manager
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-9547

    admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) vulnerability, which allows remote authenticated users to inject arbitrary web script or HTML by launching an Edit Page action and entering the Navigation Title or Page Title of a page t... Read more

    Affected Products : bigtree_cms
    • Published: Jun. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2019-13070

    A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Rec... Read more

    Affected Products : powerpanel
    • Published: Jul. 09, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-16624

    panel/pages/home/edit in Kirby v2.5.12 allows XSS via the title of a new page.... Read more

    Affected Products : kirby
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-16728

    feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new.... Read more

    Affected Products : feindura
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-15451

    A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is du... Read more

    Affected Products : prime_service_catalog
    • Published: Nov. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14547

    An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a attacker sends an attachment to admin with malicious JavaScript in the filename. This JavaScript executed when an admin selects the particular file from the list of all attach... Read more

    Affected Products : espocrm
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-14549

    An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed inside the title and breadcrumb of a newly formed entity available to all the users. A malicious user can inject JavaScript in these values of an entity, thus stealing user cookies w... Read more

    Affected Products : espocrm
    • Published: Aug. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11223

    XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.... Read more

    Affected Products : pandora_fms artica_pandora_fms
    • Published: Jun. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-11715

    The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject.... Read more

    Affected Products : recent_threads
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-1889

    IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tru... Read more

    Affected Products : security_guardium
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7751

    The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : recetas_de_tragos
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292797 Results