Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-6495

    Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.... Read more

    Affected Products : yappa-ng
    • Published: Mar. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-35972

    An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.... Read more

    Affected Products : yzmcms
    • Published: Jun. 03, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-10132

    Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS). The supported version that is affected is 1.05. Easily exploitable vulnerability allows low privileged attacker with network access via ... Read more

    Affected Products : hospitality_hotel_mobile
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2013-5500

    Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338... Read more

    Affected Products : mediasense
    • Published: Sep. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-2165

    Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate, (3) toDate... Read more

    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-8811

    ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' profile pictures.... Read more

    Affected Products : bludit
    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-0838

    Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to t... Read more

    Affected Products : es1000 es4000
    • Published: Feb. 20, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-4962

    A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may ... Read more

    Affected Products : apollo
    • Published: Jan. 12, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1550

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1454

    The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1456

    The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1647

    Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web scri... Read more

    Affected Products : drupal mediafront
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-10218

    Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with netw... Read more

    Affected Products : hospitality_guest_access
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2024-47767

    Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not ha... Read more

    Affected Products : tuleap
    • Published: Oct. 14, 2024
    • Modified: Oct. 17, 2024

  • 4.3

    MEDIUM
    CVE-2012-1669

    Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.... Read more

    Affected Products : phpmoneybooks
    • Published: Nov. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-31464

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malici... Read more

    Affected Products : reader windows 3d
    • Published: May. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10439

    A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : crx_content_package_deployer
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3450

    Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, wh... Read more

    Affected Products : i-load
    • Published: Sep. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-6534

    Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the 'POST /presets' request but not in the... Read more

    Affected Products : directus
    • Published: Aug. 15, 2024
    • Modified: May. 19, 2025

  • 4.3

    MEDIUM
    CVE-2013-1421

    Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.... Read more

    Affected Products : webcalendar
    • Published: Apr. 22, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293631 Results