Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-5570

    Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 js_css_optimizer
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-0894

    Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.... Read more

    Affected Products : nextcloud_server
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2005-4393

    Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.... Read more

    Affected Products : e-publish
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-6515

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or H... Read more

    Affected Products : splunk
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-4399

    Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter.... Read more

    Affected Products : libertas_enterprise_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-1000114

    The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the... Read more

    Affected Products : datadog
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-9176

    Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.... Read more

    Affected Products : sexy_squeeze_pages
    • Published: Dec. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0433

    Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-1637

    The 360 Javascript Viewer plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and nonce exposure on several AJAX actions in all versions up to, and including, 1.7.12. This makes it possible for authent... Read more

    Affected Products :
    • Published: Apr. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-5612

    Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.... Read more

    Affected Products : october
    • Published: Sep. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-32084

    Cross-Site Request Forgery (CSRF) vulnerability in Gold Plugins Before And After.This issue affects Before And After: from n/a through 3.9. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9004

    Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.... Read more

    Affected Products : vldpersonals
    • Published: Nov. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1164

    Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PAT... Read more

    Affected Products : serve-static
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9468

    Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx.... Read more

    Affected Products : instantforum
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-6465

    Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) ... Read more

    Affected Products : ganglia
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6463

    Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in PHP Real Estate Classifieds allow remote attackers to inject arbitrary web script or HTML via unspecified "text areas/boxes."... Read more

    Affected Products : classifieds
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-10341

    Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Difficult to exploit vulnerability allows unauthenticated attacker w... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2013-4341

    Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.... Read more

    Affected Products : moodle
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-1927

    Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.... Read more

    Affected Products : cmailserver
    • Published: Apr. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-6290

    Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426.... Read more

    • Published: Sep. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294426 Results