Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-0631

    Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow remote attackers to (1) overwrite arbitrary files via the SaveToDisk method, or (2) modify files via the AddStringToFile method.... Read more

    Affected Products : mailbee_objects
    • Published: Feb. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-0367

    IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 112072.... Read more

    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-0351

    IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 does not set the secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission... Read more

    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-4206

    Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266.... Read more

    Affected Products : unified_communications_manager
    • Published: Dec. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-4035

    Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vecto... Read more

    • Published: Dec. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3759

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Search Functionality.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0936

    Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script o... Read more

    Affected Products : opennms opennms
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-23686

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the ... Read more

    Affected Products : aos-cx cx_6200f cx_6300 cx_6400 cx_8320 cx_8325 cx_8400 cx_8360 cx_10000 cx_9300 +3 more products
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3710

    SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product instal... Read more

    Affected Products : suse_lifecycle_management_server
    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-2511

    Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.... Read more

    • Published: Aug. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-0933

    Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : dotclear
    • Published: Mar. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-4251

    The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.... Read more

    Affected Products : eventprime
    • Published: Oct. 31, 2023
    • Modified: Apr. 22, 2025

  • 4.3

    MEDIUM
    CVE-2019-10377

    A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.... Read more

    Affected Products : avatar
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1332

    Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : prettyformmail
    • Published: Apr. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0484

    The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.... Read more

    Affected Products : cognos_tm1
    • Published: Jun. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0523

    IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a paddin... Read more

    Affected Products : websphere_commerce
    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-1928

    The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated atta... Read more

    Affected Products : wp_fastest_cache
    • Published: Apr. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6283

    Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."... Read more

    Affected Products : subtext
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-23586

    A vulnerability found in OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to Add Network Traffic Control Type Rule.... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 4.3

    MEDIUM
    CVE-2020-15056

    TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.... Read more

    Affected Products : tl-ps310u_firmware tl-ps310u
    • Published: Aug. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294337 Results