Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2014-0351

    The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfer... Read more

    Affected Products : fortios
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-0317

    The Security Account Manager Remote (SAMR) protocol implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly determine the use... Read more

    • Published: Mar. 12, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2020-27988

    Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).... Read more

    Affected Products : nagios_xi
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-28001

    SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.... Read more

    Affected Products : serv-u
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-27991

    Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).... Read more

    Affected Products : nagios_xi
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-27980

    Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-27989

    Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).... Read more

    Affected Products : nagios_xi
    • Published: Nov. 16, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-2161

    Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly escape node labels that are shown in the form validation for label expressions on job configuration pages, resulting in a stored XSS vulnerability exploitable by users able to define nod... Read more

    Affected Products : jenkins
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-7313

    The OSPF implementation in Juniper Junos through 13.x, JunosE, and ScreenOS through 6.3.x does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which... Read more

    Affected Products : junos junose screenos
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-27852

    A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. This code is interpreted by users in a privileged role... Read more

    Affected Products : gravityforms
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-7308

    The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows ... Read more

    Affected Products : des-3810-28_firmware des-3810-28
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2022-46687

    Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.... Read more

    Affected Products : spring_config
    • Published: Dec. 12, 2022
    • Modified: Apr. 23, 2025

  • 5.4

    MEDIUM
    CVE-2013-7310

    The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of se... Read more

    Affected Products : rt107e rtx1000 rtx1100 rtx1500 srt100 fwx120 rt105 rt140 rt250i rt300i +4 more products
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7309

    The OSPF implementation in Extreme Networks EXOS does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denia... Read more

    Affected Products : exos
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7307

    The OSPF implementation on the Brocade Vyatta vRouter with software before 6.6R1 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows r... Read more

    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7306

    The OSPF implementation on Brocade routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of s... Read more

    Affected Products : adx bigiron_rx fastiron icx mlx netiron_cer netiron_ces netiron_xmr turboiron vdx +1 more products
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7311

    The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, whic... Read more

    Affected Products : gaia_os ipso_os
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2023-31165

    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to injec... Read more

    • Published: May. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-6979

    The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP addr... Read more

    Affected Products : ios_xe ios_xe
    • Published: Dec. 23, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2014-1665

    Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.... Read more

    Affected Products : owncloud
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results