Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-0889

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite (aka Atlas Policy Suite), as used in Atlas eDiscovery Process Management through 6.0.3, Disposal and Governance Management for IT through 6.0.3, and Global Retention Policy and Schedul... Read more

    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-1160

    Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file.... Read more

    Affected Products : efs_web_server
    • Published: Mar. 12, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-5380

    The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input.... Read more

    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-0330

    Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.... Read more

    • Published: Feb. 06, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-0638

    Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a "cross-frame scripting" is... Read more

    • Published: Apr. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6169

    The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.... Read more

    Affected Products : ejabberd
    • Published: Oct. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5930

    Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter.... Read more

    Affected Products : real_estate_php_script
    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3058

    Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.... Read more

    Affected Products : chrome mac_os_x iphone_os
    • Published: Mar. 30, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6858

    Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.... Read more

    Affected Products : ubuntu_linux opensuse horizon
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-0331

    Cross-site scripting (XSS) vulnerability in the web administration interface in FortiADC with firmware before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the locale parameter to gui_partA/.... Read more

    • Published: Apr. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100010

    Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.... Read more

    Affected Products : clansphere
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-100021

    Cross-site scripting (XSS) vulnerability in symfony/web/index.php/pim/viewEmployeeList in OrangeHRM before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the empsearch[employee_name][empId] parameter.... Read more

    Affected Products : orangehrm
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-10012

    Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.... Read more

    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5953

    Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (... Read more

    Affected Products : joomla\! com_multicalendar
    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-4208

    Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/asse... Read more

    Affected Products : moodle bugzilla yui
    • Published: Nov. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-2396

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client.... Read more

    Affected Products : e-business_suite
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-0639

    Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.4 SP1 P3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rsa_archer_egrc
    • Published: May. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-7342

    Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341.... Read more

    Affected Products : flowplayer_html5
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-24434

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this v... Read more

    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-10009

    Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to th... Read more

    Affected Products : stark_crm
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293355 Results