Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-5598

    Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_links
    • Published: Oct. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-4134

    OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key.... Read more

    Affected Products : debian_linux openafs
    • Published: Nov. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-25037

    IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser.... Read more

    Affected Products : windows cognos_controller controller
    • Published: Jan. 07, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2013-3908

    Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, a... Read more

    Affected Products : internet_explorer
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-4001

    Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.... Read more

    Affected Products : cognos_command_center
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3964

    Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : shr-5082 shr-5162
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-32205

    A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cook... Read more

    • Published: Jul. 07, 2022
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2013-3990

    Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2.... Read more

    Affected Products : lotus_domino
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-1629

    Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnera... Read more

    Affected Products : exchange_server
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3837

    Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao.... Read more

    Affected Products : sunos solaris sunos
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3833

    Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3822

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS).... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3818

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-2404... Read more

    Affected Products : peoplesoft_products
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-1692

    Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-4030

    Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack ag... Read more

    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-0931

    Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecif... Read more

    Affected Products : horde horde_groupware
    • Published: Mar. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-4024

    IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web Console, which allows remote attackers to read session ... Read more

    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-4006

    IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem operations.... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-20193

    A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.... Read more

    Affected Products : tar
    • Published: Mar. 26, 2021
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2013-3514

    Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a diffe... Read more

    Affected Products : openx
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results