Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-6415

    Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the uni... Read more

    Affected Products : rails ruby_on_rails actionpack
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-27757

    A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certa... Read more

    Affected Products : debian_linux imagemagick
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5215

    Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID.... Read more

    Affected Products : wireless_ip_camera
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5749

    Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter.... Read more

    Affected Products : simplerisk
    • Published: May. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5438

    Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : flex_system_manager
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-26196

    Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Mar. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5305

    Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 locator
    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-36891

    A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.... Read more

    Affected Products : deployer_framework
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5449

    Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web sc... Read more

    Affected Products : filenet_content_manager
    • Published: Dec. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-26188

    Microsoft Edge (Chromium-based) Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Feb. 23, 2024
    • Modified: Nov. 29, 2024

  • 4.3

    MEDIUM
    CVE-2020-27751

    A flaw was found in ImageMagick in MagickCore/quantum-export.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long long` as well as a shif... Read more

    Affected Products : debian_linux imagemagick
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5154

    The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6175

    Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset... Read more

    Affected Products : document_sciences_xpression
    • Published: Nov. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6858

    Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.... Read more

    Affected Products : ubuntu_linux opensuse horizon
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2901

    The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requireme... Read more

    Affected Products : tomcat
    • Published: Jan. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1646

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST req... Read more

    Affected Products : open-xchange_server
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-26415

    Information about the starred projects for private user profiles was exposed via the GraphQL API starting from 12.2 via the REST API. This affects GitLab >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2.... Read more

    Affected Products : gitlab
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6178

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rsa_archer_egrc
    • Published: Dec. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6318

    Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to i... Read more

    Affected Products : algo_one
    • Published: Mar. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6786

    Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypasse... Read more

    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 293619 Results