Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-1609

    Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : netweaver
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1655

    Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in PowerEasy 2006 and PowerEasy SiteWeaver 6.8 allows remote attackers to inject arbitrary web script or HTML via the ComeUrl parameter.... Read more

    Affected Products : siteweaver
    • Published: May. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-5193

    Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.... Read more

    Affected Products : sphider
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-1809

    Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the... Read more

    Affected Products : mycolex
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-5684

    Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in the my_account module to zpanel/.... Read more

    Affected Products : zpanel
    • Published: Aug. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3331

    The Session Manager component in Packet Data Network Gateway (aka PGW) in Cisco ASR 5000 Series Software 11.0, 12.0, 12.1, 12.2, 14.0, 15.0, 16.x through 16.1.2, and 17.0 allows remote attackers to cause a denial of service (process crash) via a crafted T... Read more

    Affected Products : asr_5000_series_software
    • Published: Aug. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0876

    Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, related to RDC Onsite.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0855

    Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0863

    Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0864

    Unspecified vulnerability in the Retail - Oracle Retail Place In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4930

    Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) mo... Read more

    Affected Products : manageengine_eventlog_analyzer
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6234

    Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : open_graph_protocol
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-1339

    Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not prope... Read more

    Affected Products : burning_board teamsite_hack_plugin
    • Published: Apr. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-6392

    Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing o... Read more

    Affected Products : facebook facebook_messenger
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1507

    Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfu... Read more

    Affected Products : orangehrm
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5235

    Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-7248

    Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows remote attackers to inject arbitrary web script or HTML by triggering a crafted entry in a log file.... Read more

    Affected Products : ilogscanner
    • Published: Nov. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2004-2767

    NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a... Read more

    Affected Products : netware netware_ftp_server
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-11808

    Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can theoretic... Read more

    Affected Products : ratpack
    • Published: May. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8732

    Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phpmemcachedadmin
    • Published: Nov. 17, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293640 Results