Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-41734

    Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availa... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 4.3

    MEDIUM
    CVE-2020-9986

    A file access issue existed with certain home folder files. This was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.7. A malicious application may be able to read sensitive location information.... Read more

    Affected Products : macos mac_os_x
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3414

    Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.... Read more

    • Published: Jul. 25, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-2028

    CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5340

    Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) bad... Read more

    Affected Products : moodle
    • Published: Feb. 22, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4847

    Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OCI.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-3057

    Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.... Read more

    Affected Products : chrome
    • Published: Mar. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-5836

    Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-1799

    Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and WikiLite (FSWikiLite) .10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : wiki wikilite
    • Published: May. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-9104

    HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),V... Read more

    Affected Products : p30_firmware p30
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-5788

    The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.... Read more

    Affected Products : iphone_os safari
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4793

    Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy.... Read more

    Affected Products : communications_applications
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5355

    Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php.... Read more

    Affected Products : getsimple_cms getsimple_cms
    • Published: Jul. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-0949

    Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter.... Read more

    Affected Products : portalapp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-5718

    Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 04, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-0896

    Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.... Read more

    Affected Products : phpmydirectory
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5022

    IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authentic... Read more

    Affected Products : b2b_advanced_communications
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-0886

    Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.... Read more

    Affected Products : invision_board
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5441

    Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-0842

    Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.... Read more

    Affected Products : esupport
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results