Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2021-20107

    There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF/EBF, BASYS EFX, and Flushometers including SOLIS. The vulnerability allows for unauthenticated kinetic effects and information disclosure on the faucets. ... Read more

    • Published: Jun. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2011-1079

    The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memo... Read more

    Affected Products : linux_kernel
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025
  • 5.4

    MEDIUM
    CVE-2016-7119

    Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.... Read more

    Affected Products : dotnetnuke
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2016-6913

    Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.... Read more

    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2009-0629

    The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) ... Read more

    Affected Products : ios ios_xr
    • Published: Mar. 27, 2009
    • Modified: Apr. 09, 2025
  • 5.4

    MEDIUM
    CVE-2009-1965

    Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : database_server windows
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025
  • 5.4

    MEDIUM
    CVE-2016-6723

    A denial of service vulnerability in Proxy Auto Config in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a remote attacker to use a specially crafted file to cause a device h... Read more

    Affected Products : android
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2021-1599

    A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input... Read more

    Affected Products : unified_customer_voice_portal
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-1582

    A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due t... Read more

    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-6647

    Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : vipr_srm
    • Published: Sep. 30, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2021-1466

    A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to... Read more

    Affected Products : catalyst_sd-wan_manager
    • Published: Nov. 15, 2024
    • Modified: Aug. 04, 2025
  • 5.4

    MEDIUM
    CVE-2016-6550

    The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : the_u
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025
  • 5.4

    MEDIUM
    CVE-2021-21635

    Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.... Read more

    Affected Products : rest_list_parameter
    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-1113

    NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of service and partial loss of data integrity for all clie... Read more

    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-21611

    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs... Read more

    Affected Products : jenkins
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2021-21608

    Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels.... Read more

    Affected Products : jenkins
    • Published: Jan. 13, 2021
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2016-6118

    IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-6072

    IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-6047

    IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : jazz_reporting_service
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-6036

    IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294836 Results