Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-0708

    Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.... Read more

    Affected Products : dopvcomet\*
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4234

    Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.... Read more

    Affected Products : phorum
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4000

    Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via ... Read more

    Affected Products : fckeditor
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-23520

    Missing Authorization vulnerability in AccessAlly PopupAlly.This issue affects PopupAlly: from n/a through 2.1.0. ... Read more

    Affected Products : popupally
    • Published: Mar. 26, 2024
    • Modified: Mar. 20, 2025

  • 4.3

    MEDIUM
    CVE-2012-2683

    Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "erro... Read more

    Affected Products : enterprise_mrg cumin
    • Published: Sep. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0338

    libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity exp... Read more

    Affected Products : ubuntu_linux libxml2 opensuse
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3138

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3091

    Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".... Read more

    Affected Products : mantis
    • Published: Sep. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-2066

    Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web scri... Read more

    Affected Products : drupal ckeditor fckeditor
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2231

    Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, Oracle Fusion Middleware 10.1.3.5, allows remote attackers to affect availability via unknown vectors.... Read more

    Affected Products : database_server fusion_middleware
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2927

    Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.... Read more

    Affected Products : spacewalk network_satellite
    • Published: Feb. 05, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3184

    Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0548

    Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (former... Read more

    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5093

    Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related to Global Spec Management.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1380

    Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via... Read more

    • Published: Dec. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2304

    The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : drupal linkit
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0458

    Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2, when login security is disabled, allows remote attackers... Read more

    Affected Products : websphere_application_server
    • Published: Jan. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2223

    The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.... Read more

    Affected Products : zenworks_configuration_management
    • Published: Apr. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2243

    Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML by uploading an XML file with the xhtml extension, which is rendered inline as script. NOTE: this ... Read more

    Affected Products : mahara
    • Published: Nov. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0506

    Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified... Read more

    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293510 Results