Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-4948

    The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attac... Read more

    Affected Products : woocommerce_cvr_payment_gateway
    • Published: Sep. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-5345

    Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.... Read more

    Affected Products : disqus_comment_system
    • Published: Aug. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3842

    Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.... Read more

    Affected Products : imember360
    • Published: May. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-1315

    In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is becaus... Read more

    Affected Products : hive
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3484

    Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/login.html, (2) my_account_login parameter to c/portal_publi... Read more

    Affected Products : dotcms
    • Published: Apr. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3413

    Cross-site scripting (XSS) vulnerability in the search form in the administration/monitoring panel on the Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh87036.... Read more

    Affected Products : identity_services_engine_software
    • Published: Jul. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-29234

    BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s any lock setting in the meeting was changed. The attacker... Read more

    Affected Products : bigbluebutton
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5677

    Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in Hackish BETA 1.1 allows remote attackers to inject arbitrary web script or HTML via the go_shout parameter.... Read more

    Affected Products : hackish
    • Published: Oct. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-33525

    A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative p... Read more

    Affected Products :
    • Published: May. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-34884

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-2207

    Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.... Read more

    Affected Products : maian_gallery
    • Published: May. 14, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-0071

    Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2209

    Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Piwigo before 2.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter in the configuration module, (2) installstatus parameter in the languages_n... Read more

    Affected Products : piwigo
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0959

    Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.... Read more

    Affected Products : enovia_smarteam
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4394

    Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3844

    Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows remote attackers to inject arbitrary web script or HTML via a long string in the subject parameter when creating a post.... Read more

    Affected Products : vbulletin
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-41613

    An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR.... Read more

    Affected Products : mor1kx_firmware mor1kx
    • Published: Apr. 18, 2023
    • Modified: Mar. 05, 2025

  • 4.3

    MEDIUM
    CVE-2012-5551

    Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitiz... Read more

    Affected Products : drupal mailchimp
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5226

    Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.... Read more

    Affected Products : peel_shopping
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2887

    IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.... Read more

    Affected Products : linux_kernel lotus_symphony
    • Published: Jul. 27, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294193 Results