Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-39347

    The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users... Read more

    Affected Products : stripe_for_woocommerce
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-4661

    Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : records_manager
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-1278

    Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.... Read more

    Affected Products : opentopic
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-4853

    Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.... Read more

    Affected Products : opendocman
    • Published: Jul. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-10743

    It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP'... Read more

    Affected Products : openshift_container_platform kibana
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6916

    Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : internet_explorer chrome garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6804

    Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4.... Read more

    Affected Products : search_module
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6904

    Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : firefox internet_explorer garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3429

    Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies v... Read more

    Affected Products : mailsite_express
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-4278

    Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC policy data in DNS TXT records for a domain, aka Bug ID ... Read more

    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-0870

    Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rc... Read more

    Affected Products : algo_credit_limits algorithmics
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3514

    Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php.... Read more

    Affected Products : chipmunk_forum
    • Published: Nov. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-0893

    Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM Maximo Asset Management 7.5.x before 7.5.0.5 IFIX006 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to inject arbitrary web sc... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7881

    Cross-site scripting (XSS) vulnerability in the server in HP Insight Control allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : insight_control_server_deployment
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3566

    Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) hac... Read more

    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-7066

    The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.... Read more

    Affected Products : entityreference
    • Published: Apr. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3577

    Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter.... Read more

    Affected Products : walla_telesite
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-14544

    Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with netwo... Read more

    Affected Products : transportation_management
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-1888

    Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited with... Read more

    Affected Products : wordpress buddypress
    • Published: Mar. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4210

    Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.... Read more

    Affected Products : webex_meeting_center
    • Published: Jun. 23, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294690 Results