Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-0785

    Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id pa... Read more

    Affected Products : bugzilla
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4972

    Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsumm... Read more

    Affected Products : helpbox
    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0805

    Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to pages/UI.php or (2) expre... Read more

    Affected Products : itop
    • Published: Mar. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-1636

    Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 ... Read more

    • Published: Mar. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4950

    Cross-site scripting (XSS) vulnerability in the Keyword Search page in the web interface in Pattern Insight 2.3 allows remote attackers to inject arbitrary web script or HTML via crafted characters that are not properly handled during construction of erro... Read more

    Affected Products : pattern_insight
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5097

    Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3159

    Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity ... Read more

    Affected Products : excel
    • Published: Sep. 11, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5056

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root ... Read more

    Affected Products : owncloud owncloud_server
    • Published: Jun. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-24405

    Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions issue vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization.... Read more

    Affected Products : magento magento_commerce
    • Published: Nov. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3833

    Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1055

    The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks ... Read more

    • Published: Apr. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1171

    Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCue14517... Read more

    • Published: Apr. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-17411

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 10.0.0.35798. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ma... Read more

    Affected Products : phantompdf windows 3d
    • Published: Oct. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-4969

    Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.... Read more

    Affected Products : jquery
    • Published: Mar. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1646

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST req... Read more

    Affected Products : open-xchange_server
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1070

    Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/.... Read more

    • Published: Feb. 17, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-6439

    Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : elasticsearch
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-0256

    darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.... Read more

    Affected Products : ruby ubuntu_linux rdoc
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1140

    The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, ak... Read more

    • Published: Mar. 06, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4939

    Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP add... Read more

    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293562 Results