Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-1227

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCug37902.... Read more

    • Published: Apr. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-5314

    Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photosh... Read more

    Affected Products : clamav
    • Published: Dec. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-1504

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CV... Read more

    Affected Products : weblogic_server fusion_middleware
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0805

    Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expre... Read more

    Affected Products : itop
    • Published: Mar. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-13852

    An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbit... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-0555

    Unspecified vulnerability in the Oracle CADView-3D component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Studio.... Read more

    Affected Products : e-business_suite cadview-3d
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-2586

    XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.... Read more

    Affected Products : xampp
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-4063

    Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.... Read more

    Affected Products : lotus_inotes lotus_domino
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1441

    econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file.... Read more

    Affected Products : exactimage
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-1899

    CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter... Read more

    Affected Products : fedora cgit cgit
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-2618

    Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.... Read more

    Affected Products : .network_weathermap
    • Published: Jun. 05, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-1672

    OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.... Read more

    Affected Products : ubuntu_linux openssl
    • Published: May. 29, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-1758

    Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained ... Read more

    Affected Products : watermark
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-1524

    Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before 6.1.17 allows remote attackers to inject arbitrary web script or HTML via a directory listing request containing a ; (semicolon) character.... Read more

    Affected Products : jetty
    • Published: May. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-1095

    Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event... Read more

    Affected Products : zenworks_configuration_management
    • Published: Jun. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3274

    Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString paramet... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-2639

    Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.... Read more

    Affected Products : cloud_storage_os
    • Published: Feb. 11, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1470

    Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HTML via the calendar_type parameter to submit.php.... Read more

    Affected Products : geeklog
    • Published: Feb. 05, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1247

    Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, ... Read more

    Affected Products : prime_infrastructure
    • Published: May. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0785

    Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id pa... Read more

    Affected Products : bugzilla
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293932 Results