Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-9042

    Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a lin... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3801

    OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.... Read more

    Affected Products : heat
    • EPSS Score: %0.43
    • Published: May. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0507

    Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.... Read more

    Affected Products : mysql
    • EPSS Score: %0.47
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5572

    Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.... Read more

    Affected Products : zabbix
    • EPSS Score: %7.82
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4428

    OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to ... Read more

    Affected Products : ubuntu_linux glance
    • EPSS Score: %0.21
    • Published: Oct. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-2269

    Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt o... Read more

    Affected Products : moodle
    • EPSS Score: %0.53
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1944

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.16
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4460

    Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.21
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-2004

    When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.s... Read more

    • Published: Mar. 27, 2024
    • Modified: Jul. 30, 2025

  • 3.5

    LOW
    CVE-2015-1922

    The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified... Read more

    Affected Products : db2
    • EPSS Score: %0.23
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6725

    Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTM... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.29
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4995

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row in... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.21
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5002

    Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber val... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.21
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-10214

    Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024

  • 3.5

    LOW
    CVE-2013-5414

    The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authen... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.16
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4861

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.... Read more

    • EPSS Score: %0.48
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0405

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to... Read more

    Affected Products : vm_virtualbox
    • EPSS Score: %0.06
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0427

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.... Read more

    Affected Products : mysql
    • EPSS Score: %0.66
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5418

    Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.16
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-2641

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.... Read more

    Affected Products : ubuntu_linux mysql
    • EPSS Score: %0.72
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292124 Results