Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-5951

    IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : kenexa_lcms_premier
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6032

    IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2025-27810

    Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.... Read more

    Affected Products : mbedtls
    • Published: Mar. 25, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Memory Corruption

  • 5.4

    MEDIUM
    CVE-2016-5398

    Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.... Read more

    Affected Products : jboss_bpm_suite
    • Published: Oct. 03, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-5236

    Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.... Read more

    Affected Products : websafe_alert_server
    • Published: Jul. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2025-21540

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged a... Read more

    Affected Products : mysql_server
    • Published: Jan. 21, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authorization

  • 5.4

    MEDIUM
    CVE-2024-8180

    An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled.... Read more

    Affected Products : gitlab
    • Published: Nov. 14, 2024
    • Modified: Dec. 13, 2024

  • 5.4

    MEDIUM
    CVE-2016-4880

    Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4877

    Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : basercms mail
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-52839

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DO... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024

  • 5.4

    MEDIUM
    CVE-2016-4590

    WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.... Read more

    Affected Products : iphone_os safari webkit
    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-43754

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a mal... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 17, 2024

  • 5.4

    MEDIUM
    CVE-2024-43742

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 17, 2024

  • 5.4

    MEDIUM
    CVE-2016-4392

    A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1.... Read more

    Affected Products : business_service_management
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-4317

    Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page.... Read more

    Affected Products : confluence
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4400

    A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS).... Read more

    Affected Products : network_node_manager_i
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-4058

    Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."... Read more

    • Published: Sep. 27, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2024-36222

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Expl... Read more

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-36196

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-36177

    Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Jun. 13, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 294353 Results