Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-36903

    A missing permission check in Jenkins Repository Connector Plugin 2.2.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : repository_connector
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-35984

    The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-18399

    cPanel before 68.0.15 allows attackers to read root's crontab file during a short time interval upon enabling or disabling sqloptimizer (SEC-332).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6397

    Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.... Read more

    Affected Products : quad webex_social
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0387

    Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to PeopleCode.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0392

    Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0376

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4494

    The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.... Read more

    Affected Products : drupal shibb_auth
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3862

    Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.... Read more

    Affected Products : wordpress morning_coffee
    • Published: Sep. 28, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-7377

    Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the ... Read more

    Affected Products : pie_register pie-register
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9582

    Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapp... Read more

    Affected Products : codiad
    • Published: Jan. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-6453

    Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.... Read more

    Affected Products : rssreader
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4932

    Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add Us... Read more

    Affected Products : simple_invoices
    • Published: Dec. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-7857

    A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation.... Read more

    Affected Products : magento
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0918

    Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.... Read more

    Affected Products : sefrengo
    • Published: Jan. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6238

    Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_... Read more

    • Published: Sep. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9569

    Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.... Read more

    • Published: Jan. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7373

    Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.... Read more

    Affected Products : revive_adserver
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4973

    Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : b2b_advanced_communications
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1302

    Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ammap.swf, or (3) the data_file parameter to amtimeline.swf.... Read more

    Affected Products : ammap
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294287 Results