Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-2379

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT.... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.15
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1679

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.17
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-6810

    Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[add... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.34
    • Published: Sep. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-0590

    Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013... Read more

    Affected Products : lotus_inotes lotus_domino
    • EPSS Score: %0.17
    • Published: Aug. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3095

    Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unsp... Read more

    • EPSS Score: %0.15
    • Published: Jul. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-3111

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.38
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4523

    Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Nov. 26, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0103

    Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML v... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.18
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-0297

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/set... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-0359

    Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.... Read more

    Affected Products : samizdat
    • EPSS Score: %0.34
    • Published: Feb. 17, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-8898

    Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 b... Read more

    • EPSS Score: %0.17
    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2022-38163

    A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.... Read more

    Affected Products : safe
    • EPSS Score: %0.15
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 3.5

    LOW
    CVE-2024-54681

    Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2014-8914

    Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vu... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.30
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9499

    Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML via a Watchdog message.... Read more

    Affected Products : godwin\'s_law
    • EPSS Score: %0.23
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1979

    Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component.... Read more

    Affected Products : case_manager
    • EPSS Score: %0.17
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3353

    Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field label in content types settings.... Read more

    Affected Products : field_display_label
    • EPSS Score: %0.20
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3348

    Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : cloudwords_for_multilingual
    • EPSS Score: %0.20
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-1108

    Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vect... Read more

    Affected Products : drupal controlpanel
    • EPSS Score: %0.23
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2998

    frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code.... Read more

    • EPSS Score: %0.18
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291773 Results