Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-0361

    Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tabla parameter.... Read more

    Affected Products : gradman
    • Published: Jan. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2084

    Cross-site scripting (XSS) vulnerability in the Printer, email and PDF versions module 6.x-1.x before 6.x-1.15 and 7.x-1.x before 7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably the PATH_... Read more

    Affected Products : drupal print
    • Published: Nov. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-9031

    In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-42336

    The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.... Read more

    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3274

    Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.... Read more

    Affected Products : windows_xp safari
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6345

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1497

    Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-42070

    When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-24866

    Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was o... Read more

    Affected Products : assign
    • Published: Apr. 26, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1158

    Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud54... Read more

    • Published: May. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-6728

    Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.... Read more

    Affected Products : xmb
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-6575

    Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal exposed_filter_data
    • Published: Jun. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4542

    Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : support_center
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0747

    Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4246

    Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in ... Read more

    Affected Products : phplist
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3515

    Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin... Read more

    Affected Products : openx
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2396

    Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2433

    Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home... Read more

    Affected Products : websphere_ilog_jrules
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-23597

    Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider sto... Read more

    Affected Products :
    • Published: May. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4397

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.ph... Read more

    Affected Products : owncloud owncloud_server
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293631 Results