Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2001-1522

    Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-2670

    IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information abo... Read more

    Affected Products : openpages_with_watson openpages
    • Published: Jul. 09, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2013-4037

    The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers... Read more

    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-4755

    Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtai... Read more

    Affected Products : phpmydirectory
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-5172

    Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : hana
    • Published: Jul. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-3473

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability allows lo... Read more

    Affected Products : flexcube_private_banking
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2004-1420

    Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.... Read more

    Affected Products : autopilot
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-10493

    CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4045

    IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IB... Read more

    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-4751

    The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : wp_prayer prayer
    • Published: Jun. 14, 2024
    • Modified: Jul. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-4762

    Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test sui... Read more

    Affected Products : rssreader
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-2182

    Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search p... Read more

    Affected Products : zeuscart
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-2531

    Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : bans
    • Published: Jun. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-21959

    Vulnerability in the Oracle iReceivables product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to... Read more

    Affected Products : ireceivables
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1231

    Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.... Read more

    Affected Products : jaws
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-4262

    Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favor... Read more

    Affected Products : mycare2x
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-21941

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP... Read more

    Affected Products : bi_publisher
    • Published: Apr. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-5276

    The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again."... Read more

    Affected Products : drupal memcache
    • Published: Oct. 07, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2004-1594

    Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.... Read more

    Affected Products : fusetalk
    • Published: Oct. 13, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-31482

    FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains ... Read more

    Affected Products : freshrss
    • Published: Jun. 04, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service
Showing 20 of 294270 Results