Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-2156

    Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured credentials in plain text as part of job configuration forms, potentially resulting in their exposure.... Read more

    Affected Products : deployhub
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-2275

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors.... Read more

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-19084

    In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details.... Read more

    Affected Products : octopus_deploy
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-14829

    A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mo... Read more

    Affected Products : moodle
    • Published: Mar. 19, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3187

    Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.... Read more

    Affected Products : saa
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-7133

    Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php,... Read more

    Affected Products : easyimagecatalogue
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-0936

    Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script o... Read more

    Affected Products : opennms opennms
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5608

    Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Dec. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-2490

    Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."... Read more

    Affected Products : kj_imagelightbox2
    • Published: May. 28, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6490

    Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.... Read more

    Affected Products : series_one_cms
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-9987

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : safari
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-7092

    Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink a... Read more

    Affected Products : affinium_campaign
    • Published: Aug. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3067

    Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter.... Read more

    Affected Products : reservation_manager
    • Published: Sep. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-4083

    The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthent... Read more

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10388

    A cross-site request forgery vulnerability in Jenkins Relution Enterprise Appstore Publisher Plugin 1.24 and earlier allows attackers to have Jenkins initiate an HTTP connection to an attacker-specified server.... Read more

    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3763

    Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : opensso_enterprise
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-0703

    Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.... Read more

    Affected Products : unified_meetingplace
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-2209

    Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.... Read more

    Affected Products : testcomplete_support
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-36652

    A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter.... Read more

    Affected Products : cryptospike
    • Published: Dec. 12, 2023
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2021-20730

    Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294119 Results