Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2023-6710

    A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias param... Read more

    Affected Products : enterprise_linux mod_proxy_cluster
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-21001

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with... Read more

    Affected Products : business_intelligence
    • Published: Apr. 16, 2024
    • Modified: Nov. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-20980

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP ... Read more

    • Published: Feb. 17, 2024
    • Modified: Nov. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-20958

    Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network acc... Read more

    Affected Products : installed_base
    • Published: Feb. 17, 2024
    • Modified: Nov. 27, 2024

  • 5.4

    MEDIUM
    CVE-2022-39331

    Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There... Read more

    Affected Products : desktop nextcloud_server notes
    • Published: Nov. 25, 2022
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-20944

    Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTT... Read more

    Affected Products : isupport
    • Published: Jan. 16, 2024
    • Modified: Jun. 20, 2025

  • 5.4

    MEDIUM
    CVE-2024-30055

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: May. 14, 2024
    • Modified: Jan. 17, 2025

  • 5.4

    MEDIUM
    CVE-2024-20913

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker wit... Read more

    Affected Products : business_intelligence
    • Published: Feb. 17, 2024
    • Modified: Nov. 27, 2024

  • 5.4

    MEDIUM
    CVE-2024-52840

    Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DO... Read more

    • Published: Dec. 10, 2024
    • Modified: Dec. 18, 2024

  • 5.4

    MEDIUM
    CVE-2020-20129

    LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor.... Read more

    Affected Products : laracms
    • Published: Sep. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2024-20799

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Apr. 02, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-20778

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Apr. 10, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-20760

    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a v... Read more

    • Published: Mar. 18, 2024
    • Modified: Dec. 03, 2024

  • 5.4

    MEDIUM
    CVE-2024-27970

    Missing Authorization vulnerability in BogdanFix WP SendFox.This issue affects WP SendFox: from n/a through 1.3.0. ... Read more

    Affected Products :
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2012-1903

    XSS in Telligent Community 5.6.583.20496 via a flash file and related to the allowScriptAccess parameter.... Read more

    Affected Products : community
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2012-1753

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to PC.... Read more

    Affected Products : peoplesoft_products
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2024-42371

    The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact ... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 5.4

    MEDIUM
    CVE-2023-34408

    DokuWiki before 2023-04-04a allows XSS via RSS titles.... Read more

    Affected Products : dokuwiki
    • Published: Jun. 05, 2023
    • Modified: Jan. 08, 2025

  • 5.4

    MEDIUM
    CVE-2012-1500

    Stored XSS vulnerability in UpdateFieldJson.jspa in JIRA 4.4.3 and GreenHopper before 5.9.8 allows an attacker to inject arbitrary script code.... Read more

    Affected Products : jira greenhopper
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2020-1696

    A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficie... Read more

    Affected Products : dogtagpki certificate_system
    • Published: Mar. 20, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results