Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-4242

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.... Read more

    Affected Products : weblogic_server fusion_middleware
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4217

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, and 12.1.1.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.... Read more

    Affected Products : weblogic_server fusion_middleware
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-3887

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associa... Read more

    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9412

    Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a de... Read more

    Affected Products : access_manager access_manager
    • Published: Dec. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4353

    Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-50765

    A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.... Read more

    Affected Products : scriptler
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-7291

    Multiple cross-site scripting (XSS) vulnerabilities in api_events.php in Springshare LibCal 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) m or (2) cid parameter.... Read more

    Affected Products : libcal
    • Published: Dec. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7277

    Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified "welcome message" form data that is i... Read more

    Affected Products : sbg3300-n_firmware sbg3300-n
    • Published: Oct. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9443

    Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : relevanssi
    • Published: Jan. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7261

    Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows remote attackers to inject arbitrary web script or HTML via a crafted string that is improperly rendered during construction of a directory index page, a different vulnerability than C... Read more

    Affected Products : i-httpd
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4207

    The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximit... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-7258

    Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 and earlier, when running certain versions of Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : clip_board
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7203

    libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.... Read more

    Affected Products : libzmq zeromq
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7183

    Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.... Read more

    Affected Products : litecart
    • Published: Oct. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9479

    Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7157

    Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch.... Read more

    Affected Products : wan_optimization_suite
    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-5188

    Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages.... Read more

    Affected Products : chrome
    • Published: Dec. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-3009

    Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.... Read more

    Affected Products : rails activesupport actionpack
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-31404

    Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.... Read more

    Affected Products : garoon
    • Published: Jun. 11, 2024
    • Modified: May. 28, 2025

  • 4.3

    MEDIUM
    CVE-2014-7144

    OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remo... Read more

    • Published: Oct. 02, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294071 Results