Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-6353

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-31921

    Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16175

    A clickjacking vulnerability was found in Limesurvey before 3.17.14.... Read more

    Affected Products : limesurvey
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-1603

    Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action ... Read more

    Affected Products : getsimple_cms getsimple_cms
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-9987

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : safari
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5648

    Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter.... Read more

    Affected Products : rnote
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-3367

    Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524.... Read more

    Affected Products : cisco_nexus_1000v_intercloud
    • Published: Sep. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5010

    Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe.... Read more

    Affected Products : webbatch
    • Published: Sep. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-0317

    Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomp... Read more

    Affected Products : drupal og_manager_change
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-26177

    In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values i... Read more

    Affected Products : business_workflow
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-12213

    A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. T... Read more

    Affected Products : ios_xe catalyst_4000 ios_xe
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-4544

    Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2221

    Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : php-i-board
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6592

    Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to... Read more

    Affected Products : safari
    • Published: Dec. 28, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-7317

    Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) ampie.swf, (b) amline.swf, or (c) amcolumn.swf.... Read more

    Affected Products : cs-cart
    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-4964

    IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could be used to phish other users. IBM X-Force ID: 192419.... Read more

    • Published: Apr. 12, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2104

    Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and 3.0.0.5 allows user-assisted remote attackers to write arbitrary files via a metalink file containing directory traversal sequences in the name attribute of a file element.... Read more

    Affected Products : orbit_downloader
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2669

    Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.... Read more

    Affected Products : orbis_cms
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-0589

    Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.... Read more

    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3774

    Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form elemen... Read more

    Affected Products : teampass
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294276 Results