Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2019-5095

    An issue summary information disclosure vulnerability exists in Atlassian Jira Tempo plugin, version 4.10.0. Authenticated users can obtain the summary for issues they do not have permission to view via the Tempo plugin.... Read more

    Affected Products : tempo
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-3730

    Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Aug. 20, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3482

    Cross-site scripting (XSS) vulnerability in the error page feature in Panasonic Network Camera BL-C111, BL-C131, BB-HCM511, BB-HCM531, BB-HCM580, BB-HCM581, BB-HCM527, and BB-HCM515 allows remote attackers to inject arbitrary web script or HTML via unspec... Read more

    • Published: Aug. 05, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1445

    The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT i... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-3421

    Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) upda... Read more

    Affected Products : blackboard_academic_suite
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3032

    Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phpmyadmin phpmyadmin
    • Published: Jul. 07, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3448

    Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.... Read more

    Affected Products : csphonebook
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3394

    Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters.... Read more

    Affected Products : bookmine
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3404

    Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.... Read more

    Affected Products : mjguest
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-3238

    Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.... Read more

    • Published: Jul. 09, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1825

    Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgo... Read more

    Affected Products : counteract
    • Published: Jun. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1686

    Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1685

    Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core.... Read more

    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1857

    Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."... Read more

    Affected Products : dynamics_ax
    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1677

    Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-21269

    Windows HTML Platforms Security Feature Bypass Vulnerability... Read more

    • Published: Jan. 14, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Misconfiguration

  • 4.3

    MEDIUM
    CVE-2012-1858

    The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cro... Read more

    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1873

    Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability... Read more

    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1870

    The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext d... Read more

    • Published: Jul. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1990

    Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) ... Read more

    Affected Products : kerweb kerwin
    • Published: May. 22, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293517 Results