Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2013-4718

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.... Read more

    Affected Products : otrs otrs_itsm
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-4112

    The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.... Read more

    • Published: Sep. 28, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-2206

    The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cau... Read more

    Affected Products : linux_kernel
    • Published: Jul. 04, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-9056

    Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application. This JavaScript is subsequently displayed by the application without sani... Read more

    Affected Products : buyspeed
    • Published: Apr. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9055

    Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user. This could lead to web... Read more

    Affected Products : lynx_customer_service_portal
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-9007

    Codoforum 4.8.8 allows self-XSS via the title of a new topic.... Read more

    Affected Products : codoforum
    • Published: Feb. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8825

    index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.... Read more

    Affected Products : vanilla
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8776

    Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via the URL property of a file.... Read more

    Affected Products : alfresco
    • Published: Mar. 02, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2012-0875

    SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, wh... Read more

    Affected Products : systemtap
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2015-6521

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2.... Read more

    Affected Products : atutor
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2020-8426

    The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the elementor-system-info page. These can be exploited by targeting an authenticated user.... Read more

    Affected Products : website_builder
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8294

    A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.... Read more

    Affected Products : nextcloud_server
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8288

    The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.... Read more

    Affected Products : rocket.chat
    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8281

    A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.... Read more

    Affected Products : contacts
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8155

    An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.... Read more

    Affected Products : nextcloud_server
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-6253

    edx-platform before 2015-08-17 allows XSS in the Studio listing of courses.... Read more

    Affected Products : edx-platform
    • Published: Jul. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-8089

    Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.... Read more

    Affected Products : piwigo
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2007-5236

    Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files via an ... Read more

    Affected Products : jre sdk jdk
    • Published: Oct. 06, 2007
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2020-7937

    An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site.... Read more

    Affected Products : plone
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-7910

    JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer role.... Read more

    Affected Products : teamcity
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294695 Results