Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-6278

    SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to St... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-6257

    SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.... Read more

    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-6185

    Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Sc... Read more

    Affected Products : netweaver s\/4hana
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2016-7463

    Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.... Read more

    Affected Products : esxi
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-4072

    Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.... Read more

    Affected Products : helpdesk_pro
    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-0255

    Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".... Read more

    Affected Products : sharepoint_foundation office
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2020-5940

    In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Traffic Management User Interface (TMUI), also known as the BIG-IP Configuration utility.... Read more

    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-3976

    Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier.... Read more

    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2015-3948

    Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-5923

    In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses.... Read more

    • Published: Aug. 26, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5853

    In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict.... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Jan. 14, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5746

    Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test.... Read more

    Affected Products : tcexam
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5737

    Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.... Read more

    Affected Products : tenable.sc
    • Published: Apr. 17, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5662

    Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.... Read more

    Affected Products : xoonips
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-5669

    Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.... Read more

    Affected Products : movable_type
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2015-3615

    Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation atta... Read more

    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2015-3610

    The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted c... Read more

    Affected Products : homecontrol_for_room_automation
    • Published: May. 07, 2015
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2015-3619

    Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before 3.0.8 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors involving a "double encode combination of first_name, last_na... Read more

    Affected Products : virtuemart
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-35345

    A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /classes/Users.php. Manipulating the argument id results in cross-site scripting.... Read more

    Affected Products : dino_physics_school_assistant
    • Published: May. 30, 2024
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2015-3172

    EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.... Read more

    Affected Products : eidogo
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294690 Results