Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-2214

    proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests... Read more

    Affected Products : pidgin
    • EPSS Score: %0.54
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4460

    Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.21
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4995

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row in... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.21
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5418

    Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.16
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4235

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.44
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4739

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Help screens.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.15
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-1623

    The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2023-23934

    Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cook... Read more

    Affected Products : werkzeug
    • EPSS Score: %0.27
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-12173

    The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is... Read more

    Affected Products : master_slider
    • Published: Feb. 19, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-48219

    O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Iden... Read more

    Affected Products :
    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-53862

    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.... Read more

    Affected Products : ansible_automation_platform
    • Published: Jul. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2015-1617

    Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : data_loss_prevention_endpoint
    • EPSS Score: %0.18
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6592

    Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2015-0389.... Read more

    Affected Products : fusion_middleware opensso
    • EPSS Score: %0.15
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-3396

    Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumb... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Jul. 23, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-2045

    Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network ... Read more

    Affected Products : text
    • EPSS Score: %0.31
    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-5001

    Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.18
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-5060

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX.... Read more

    Affected Products : lotus_quickr lotus_domino
    • EPSS Score: %0.34
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3810

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.... Read more

    Affected Products : mysql
    • EPSS Score: %0.67
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3779

    Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox... Read more

    Affected Products : dovecot
    • EPSS Score: %0.30
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3742

    Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name tha... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.18
    • Published: Jul. 04, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291782 Results