Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-0531

    Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.32
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-7229

    The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post t... Read more

    Affected Products : twitter
    • EPSS Score: %0.16
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0968

    Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows... Read more

    • EPSS Score: %0.17
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6734

    IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same we... Read more

    Affected Products : websphere_extreme_scale_client
    • EPSS Score: %0.16
    • Published: Feb. 22, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-41332

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `... Read more

    Affected Products : cilium
    • EPSS Score: %0.03
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-8349

    Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.... Read more

    Affected Products : liferay_portal
    • EPSS Score: %0.25
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4587

    McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by sp... Read more

    • EPSS Score: %0.18
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1082

    Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 terminal
    • EPSS Score: %0.21
    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-1947

    Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbi... Read more

    Affected Products : firebug
    • EPSS Score: %4.30
    • Published: Apr. 11, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-5420

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors.... Read more

    Affected Products : pyxis_supplystation
    • EPSS Score: %0.21
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-0092

    Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.14
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-2037

    Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts EsContacts 1.0 allow remote authenticated users to inject arbitrary web script or HTML via the msg parameter to (1) login.php, (2) importer.php, (3) add_groupe.php, (4) contacts.php, (5... Read more

    Affected Products : escontacts
    • EPSS Score: %0.23
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-1828

    Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms.... Read more

    Affected Products : webapp
    • EPSS Score: %0.36
    • Published: Apr. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-4537

    Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase when a server lacks a D2.Lockbox file, which makes it easier for remote authenticated users to decrypt admin tickets by locating this passphrase in a decompiled D2 JAR archive.... Read more

    Affected Products : documentum_d2
    • EPSS Score: %0.18
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2957

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • EPSS Score: %0.17
    • Published: May. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2019-19092

    ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC). Alterations to Viewstate might thus not be noticed.... Read more

    Affected Products : esoms
    • EPSS Score: %0.20
    • Published: Apr. 02, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-3871

    Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.... Read more

    Affected Products : openconstructor
    • EPSS Score: %0.22
    • Published: Dec. 28, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4003

    Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3.1.1, and 8, allow remote authenticated users to inject arbitrary web script or HTML via (1) unspecified input to WebProcess.srv, (2) unspecified... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.19
    • Published: Aug. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4962

    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before ... Read more

    • EPSS Score: %0.07
    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4523

    Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Nov. 26, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291750 Results