Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-4590

    Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable.... Read more

    Affected Products : enterprise_mobility_manager
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3296

    Cross-site scripting (XSS) vulnerability in the Help link in the login panel in IBM Power Hardware Management Console (HMC) 7R7.1.0 before SP4, 7R7.2.0 before SP2, and 7R7.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified ... Read more

    Affected Products : power_hardware_management_console
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-3300

    Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1)... Read more

    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2250

    Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel pa... Read more

    Affected Products : concrete5
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-2371

    Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.... Read more

    Affected Products : wordpress wp-facethumb
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4278

    Multiple cross-site scripting (XSS) vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) notes parameter to (a) admin/agenteditor.php; (2) title, (3) previewdesc, (4) fulldesc, or (5) notes param... Read more

    Affected Products : free_realty
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4259

    Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HT... Read more

    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-0734

    Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCut87743.... Read more

    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4253

    Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execu... Read more

    Affected Products : mysqldumper
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2590

    Multiple cross-site scripting (XSS) vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted SRC attribute of an IFRAM... Read more

    Affected Products : escon_supportportal
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-0724

    Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID C... Read more

    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3989

    Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors.... Read more

    Affected Products : concrete5
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-2648

    Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of t... Read more

    Affected Products : iphone_os ipod_touch ipad goodreader
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4071

    Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to inject arbitrary web script or HTML via crafted BBC... Read more

    Affected Products : joomla\! com_rsgallery2
    • Published: Aug. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-1911

    Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remot... Read more

    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-2442

    Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and earlier allows remote attackers to cause a denial of service via a crafted mp4 file.... Read more

    Affected Products : pc_suite
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-10482

    CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new article template via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1715

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-0961

    Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : web_filter
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-10487

    CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results