Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2018-8732

    Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.... Read more

    Affected Products : wampserver
    • Published: Mar. 19, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-8903

    Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen.... Read more

    Affected Products : open-audit open-audit
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-8957

    CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related to admina/mconfigs.inc.php.... Read more

    Affected Products : covercms
    • Published: Mar. 23, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9020

    The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via the events-manager.js mapTitle parameter in the Google Maps miniature.... Read more

    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-9111

    Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser.... Read more

    Affected Products : ap-fc4064-t_firmware ap-fc4064-t
    • Published: May. 10, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-5584

    Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecif... Read more

    Affected Products : pan-os
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2018-9337

    The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML.... Read more

    Affected Products : pan-os
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2018-10751

    A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-20... Read more

    Affected Products : samsung_mobile
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7327

    The Macau Business (aka com.magzter.macaubusiness) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : macau_business
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-0024

    A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follo... Read more

    • Published: Jan. 15, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7357

    The Grandparenting is Great (aka com.app_gig.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : grandparenting_is_great
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-0368

    SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting v... Read more

    • Published: Oct. 08, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7408

    The Gary Johnson for President '12 (aka com.GaryJohnson2012) application 0.75.13439.53899 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cra... Read more

    Affected Products : gary_johnson_for_president_\'12
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2019-10017

    CMS Made Simple 2.2.10 has XSS via the moduleinterface.php Name field, which is reachable via an "Add a new Profile" action to the File Picker.... Read more

    Affected Products : cms_made_simple
    • Published: Mar. 24, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-1020003

    invenio-records before 1.2.2 allows XSS.... Read more

    Affected Products : invenio-records
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-1020007

    Dependency-Track before 3.5.1 allows XSS.... Read more

    Affected Products : dependency-track
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2019-10410

    Jenkins Log Parser Plugin 2.0 and earlier did not escape an error message, resulting in a cross-site scripting vulnerability exploitable by users able to define log parsing rules.... Read more

    Affected Products : log_parser
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-9298

    Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.... Read more

    Affected Products : device_manager
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2019-13080

    Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.... Read more

    Affected Products : kace_systems_management_appliance
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-7633

    The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : dino_zoo
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293505 Results