Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-0499

    Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrat... Read more

    • Published: May. 28, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-8765

    Multiple cross-site scripting (XSS) vulnerabilities in the Project Issue File Review module (PIFR) module 6.x-2.x before 6.x-2.17 for Drupal allow (1) remote attackers to inject arbitrary web script or HTML via a crafted patch, which triggers a PIFR clien... Read more

    Affected Products : project_issue_file_review
    • Published: Oct. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-25770

    libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.... Read more

    Affected Products : libming
    • Published: Feb. 26, 2024
    • Modified: Apr. 16, 2025

  • 4.3

    MEDIUM
    CVE-2024-44113

    Due to missing authorization checks, SAP Business Warehouse (BEx Analyzer) allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a l... Read more

    Affected Products :
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 4.3

    MEDIUM
    CVE-2006-3106

    Cross-site scripting (XSS) vulnerability in index.php in phpMyDesktop|Arcade 1.0 allows remote attackers to inject arbitrary web script or HTML via the subsite parameter in the subsite todo.... Read more

    Affected Products : phpmydesktop_arcade
    • Published: Jun. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-6034

    Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : achievo
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-3251

    Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 7.11, 9.21, and 9.30, and HP Service Center Web Tier 6.28, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Aug. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-6574

    Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-3257

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopi... Read more

    Affected Products : claroline
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-6903

    Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Librar... Read more

    Affected Products : anti-virus anti-virus7.6.3
    • Published: Aug. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-51667

    Missing Authorization vulnerability in David de Boer Paytium.This issue affects Paytium: from n/a through 4.4.10.... Read more

    Affected Products : paytium
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2024-4661

    The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscribe... Read more

    Affected Products : wp_reset
    • Published: Jun. 08, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-8431

    The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajaxGetGalleryJson() function in all versions up to, and including, 3.2.21. This makes it pos... Read more

    Affected Products : robo_gallery
    • Published: Oct. 08, 2024
    • Modified: Oct. 10, 2024

  • 4.3

    MEDIUM
    CVE-2008-0522

    Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : perl__cgi_cart php_cart shop_hal_v1
    • Published: Jan. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-41866

    Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2009-3194

    Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : searchfeed_script
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-2309

    Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version col... Read more

    Affected Products : openpne
    • Published: Jun. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-22404

    Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.... Read more

    Affected Products : nextcloud_server notes zipper
    • Published: Jan. 18, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4771

    Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group pa... Read more

    Affected Products : subrion_cms
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2011

    Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin 8.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_jetadmin
    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294690 Results