Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-2577

    Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via th... Read more

    Affected Products : transform_foundation_server
    • Published: Jun. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-2682

    Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.... Read more

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2371

    Cross-site scripting (XSS) vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.... Read more

    Affected Products : wordpress wp-facethumb
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-2124

    Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.... Read more

    Affected Products : libguestfs
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3870

    Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.... Read more

    Affected Products : bib2html
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3849

    The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser paramet... Read more

    Affected Products : imember360
    • Published: May. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1855

    Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.... Read more

    Affected Products : seo_panel
    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3841

    Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obta... Read more

    Affected Products : wordpress contact_bank
    • Published: May. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3758

    Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality.... Read more

    Affected Products : si_bibtex
    • Published: May. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-16116

    EnterpriseDT CompleteFTP Server prior to version 12.1.3 is vulnerable to information exposure in the Bootstrap.log file. This allows an attacker to obtain the administrator password hash.... Read more

    Affected Products : completeftp_server
    • Published: Oct. 02, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3134

    Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : businessobjects
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2715

    Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.ph... Read more

    Affected Products : videowhisper
    • Published: Apr. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2391

    The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, w... Read more

    Affected Products : open-xchange_appsuite
    • Published: Apr. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5039

    The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.... Read more

    Affected Products : ios
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5570

    The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.... Read more

    Affected Products : basic_webmail
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1834

    Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-ad... Read more

    Affected Products : cms_tree_page_view
    • Published: Apr. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2116

    Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.... Read more

    Affected Products : emergency_responder
    • Published: Apr. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-0086

    The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.... Read more

    Affected Products : richfaces jboss_web_framework_kit
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-0807

    Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to ... Read more

    Affected Products : gpeasy_cms
    • Published: Mar. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2077

    Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "ta... Read more

    Affected Products : open-xchange_appsuite
    • Published: Mar. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294421 Results