Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-1988

    The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.43
    • Published: May. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-17280

    NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then craft the NFC message to exploit this vulnerability. S... Read more

    Affected Products : lon-al00b_firmware lon-al00b
    • EPSS Score: %0.04
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-4790

    Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, which allows remote authenticated users to discover e-mai... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.28
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5698

    Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML vi... Read more

    • EPSS Score: %0.16
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5811

    Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authentic... Read more

    Affected Products : industry_applications
    • EPSS Score: %0.14
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-1810

    FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.... Read more

    Affected Products : iphone_os ipod_touch
    • EPSS Score: %0.12
    • Published: Sep. 09, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-4530

    Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.... Read more

    Affected Products : brilliant_gallery
    • EPSS Score: %0.15
    • Published: Oct. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-6177

    Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows re... Read more

    Affected Products : document_sciences_xpression
    • EPSS Score: %0.41
    • Published: Nov. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-4573

    Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activ... Read more

    Affected Products : jboss_operations_network
    • EPSS Score: %0.13
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-0858

    Unspecified vulnerability in the E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.38
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6310

    Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : marketing_platform
    • EPSS Score: %0.17
    • Published: Jun. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-8602

    The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote authenticated users with certain permissions to bypass intended access restrictions and possibly obtain sensitive information by inse... Read more

    Affected Products : token_insert_entity
    • EPSS Score: %0.12
    • Published: Dec. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-0393

    Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : cpei300
    • EPSS Score: %0.14
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-0590

    Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013... Read more

    Affected Products : lotus_inotes lotus_domino
    • EPSS Score: %0.17
    • Published: Aug. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2969

    Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters... Read more

    Affected Products : sterling_control_center
    • EPSS Score: %0.17
    • Published: Jun. 19, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4938

    Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.... Read more

    Affected Products : pattern_insight
    • EPSS Score: %0.36
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3740

    Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.... Read more

    Affected Products : spiceworks
    • EPSS Score: %2.98
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-0359

    Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.... Read more

    Affected Products : samizdat
    • EPSS Score: %0.34
    • Published: Feb. 17, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4427

    Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of cert... Read more

    Affected Products : cache_database
    • EPSS Score: %0.22
    • Published: Aug. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-3065

    Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.... Read more

    Affected Products : ea6500_firmware ea6500
    • EPSS Score: %0.16
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291647 Results