Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2002-1678

    Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits.... Read more

    Affected Products : vbulletin
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-3588

    Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) thr... Read more

    • Published: Oct. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2002-1679

    Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message.... Read more

    Affected Products : vbulletin
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-1564

    Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field.... Read more

    Affected Products : webgui
    • Published: Feb. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-3036

    Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : im_manager
    • Published: Feb. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4346

    Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to injec... Read more

    • Published: Jul. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-7993

    Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.... Read more

    Affected Products : prototype
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-4283

    Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277.... Read more

    Affected Products : sunos solaris
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1369

    WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site.... Read more

    Affected Products : safari
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5248

    Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.... Read more

    Affected Products : mybb
    • Published: Aug. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3517

    api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force at... Read more

    Affected Products : nova
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3782

    CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2065

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie.... Read more

    Affected Products : jenkins
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5882

    Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.... Read more

    Affected Products : yui
    • Published: Nov. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-1823

    Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitizat... Read more

    Affected Products : lync_server
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3423

    Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.... Read more

    Affected Products : secure_access_control_system
    • Published: Jul. 12, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-13290

    Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2814

    Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.... Read more

    Affected Products : mac_os_x_server
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-16970

    Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.... Read more

    Affected Products : learning_management_system
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-1808

    Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability."... Read more

    Affected Products : office
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293609 Results