Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2020-27980

    Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-27989

    Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).... Read more

    Affected Products : nagios_xi
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-2161

    Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define nod... Read more

    Affected Products : jenkins
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-7313

    The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which... Read more

    Affected Products : junos junose screenos
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-27852

    A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role... Read more

    Affected Products : gravityforms
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-7308

    The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows ... Read more

    Affected Products : des-3810-28_firmware des-3810-28
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2022-46687

    Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.... Read more

    Affected Products : spring_config
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2013-7310

    The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of se... Read more

    Affected Products : rt107e rtx1000 rtx1100 rtx1500 srt100 fwx120 rt105 rt140 rt250i rt300i +4 more products
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7309

    The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denia... Read more

    Affected Products : exos
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7307

    The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows r... Read more

    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7306

    The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of s... Read more

    Affected Products : adx bigiron_rx fastiron icx mlx netiron_cer netiron_ces netiron_xmr turboiron vdx +1 more products
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7311

    The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, whic... Read more

    Affected Products : gaia_os ipso_os
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-31165

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to injec... Read more

    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-6979

    The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP addr... Read more

    Affected Products : ios_xe ios_xe
    • Published: Dec. 23, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2014-1665

    Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.... Read more

    Affected Products : owncloud
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-6706

    The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992.... Read more

    Affected Products : ios_xe ios_xe
    • Published: Nov. 29, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-45285

    The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user w... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 5.4

    MEDIUM
    CVE-2024-26125

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Mar. 18, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2013-6465

    Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.... Read more

    Affected Products : jbpm
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-26124

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Mar. 18, 2024
    • Modified: Dec. 03, 2024
Showing 20 of 294837 Results