Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-3373

    Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCu... Read more

    Affected Products : unified_communications_manager
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-3382

    Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and... Read more

    Affected Products : mono mono
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4285

    Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-20415

    Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 befo... Read more

    • Published: Jun. 30, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3797

    Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : vcenter_server_appliance
    • Published: Dec. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3352

    Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and earlier does not properly consider whether a session is a problematic NULL session, which allows remote attackers to obtain sensitive information via crafted packets, related t... Read more

    Affected Products : cloud_portal
    • Published: Aug. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4329

    Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter.... Read more

    Affected Products : ntopng
    • Published: Jun. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3803

    The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.... Read more

    Affected Products : chrome
    • Published: May. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3823

    The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks via unspecified vectors.... Read more

    Affected Products : junos_pulse_secure_access_service
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4201

    The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-1223

    Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx in Telligent Evolution before 6.1.19.36103, 7.x before 7.1.12.36162, 7.5.x, and 7.6.x before 7.6.7.36651 allows remote attackers to inject arbitrary web script or HTML via the msg param... Read more

    Affected Products : evolution
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6882

    Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated... Read more

    • Published: Dec. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-7082

    Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified i... Read more

    Affected Products : typo3 flow
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1439

    The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.... Read more

    Affected Products : libraw
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4312

    Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to Order details; (2) Description section to "Order to consu... Read more

    Affected Products : epicor_enterprise
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3777

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Signon.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-5046

    Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrat... Read more

    Affected Products : merak_mail_server
    • Published: Sep. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-1634

    Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.p... Read more

    Affected Products : jgs-portal
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-3344

    Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecifi... Read more

    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3325

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Customer Voice Portal (CVP) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug IDs CSCuh61711, CSCuh61720, CSCuh61723, CSCuh61726, CSCuh61727,... Read more

    Affected Products : unified_customer_voice_portal
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294514 Results