Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2020-2933

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • EPSS Score: %0.13
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-2287

    channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authe... Read more

    Affected Products : fedora asterisk certified_asterisk
    • EPSS Score: %22.86
    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2149

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3102

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.16
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6725

    Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTM... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.29
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2553

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.... Read more

    Affected Products : otrs
    • EPSS Score: %0.21
    • Published: Apr. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2289

    res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer... Read more

    Affected Products : asterisk
    • EPSS Score: %17.38
    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6215

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 before 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote authenticated users to inject arbitrary web... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.19
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5002

    Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber val... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.21
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0910

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %1.28
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7827

    The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authe... Read more

    • EPSS Score: %0.32
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1922

    The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified... Read more

    Affected Products : db2
    • EPSS Score: %0.23
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3177

    Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.... Read more

    Affected Products : moodle
    • EPSS Score: %0.31
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4995

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row in... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.21
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-0657

    Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before bei... Read more

    Affected Products : php_event_calendar
    • EPSS Score: %0.39
    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2014-6568

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.... Read more

    • EPSS Score: %0.29
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4460

    Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.21
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4428

    OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to ... Read more

    Affected Products : ubuntu_linux glance
    • EPSS Score: %0.21
    • Published: Oct. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-5304

    Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified v... Read more

    • EPSS Score: %1.29
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6178

    Cross-site scripting (XSS) vulnerability in the widgets in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.0.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.16
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291672 Results