Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-0861

    Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script o... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.17
    • Published: Feb. 22, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-8578

    Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a d... Read more

    Affected Products : horizon
    • EPSS Score: %0.34
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0832

    Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted t... Read more

    Affected Products : financial_transaction_manager
    • EPSS Score: %0.17
    • Published: Feb. 01, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-9346

    Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonom... Read more

    Affected Products : hierarchical_select
    • EPSS Score: %0.15
    • Published: Dec. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2090

    Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.... Read more

    Affected Products : ilias
    • EPSS Score: %0.31
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4934

    TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.... Read more

    Affected Products : tomatocart
    • EPSS Score: %0.40
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1733

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.38
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-2113

    Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) ... Read more

    Affected Products : uniformserver
    • EPSS Score: %0.11
    • Published: May. 28, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2445

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2467.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.15
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8319

    Cross-site scripting (XSS) vulnerability in the easy_social_admin_summary function in the Easy Social module 7.x-2.x before 7.x-2.11 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a block t... Read more

    Affected Products : easy_social
    • EPSS Score: %0.25
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1851

    Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user's account via unspecified vectors... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.17
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-2295

    EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.... Read more

    Affected Products : edk2
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2023-37541

    HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.... Read more

    Affected Products : connections
    • Published: Jun. 25, 2024
    • Modified: Feb. 26, 2025

  • 3.5

    LOW
    CVE-2024-41839

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affec... Read more

    • Published: Jul. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2008-2764

    Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").... Read more

    Affected Products : absolute_live_support_xe
    • EPSS Score: %0.24
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2831

    Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary w... Read more

    Affected Products : e10000_appliance smtp
    • EPSS Score: %0.34
    • Published: Oct. 02, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2758

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parame... Read more

    Affected Products : absolute_news_manager_xe
    • EPSS Score: %0.36
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-0810

    Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection.... Read more

    Affected Products : skate_board
    • EPSS Score: %0.42
    • Published: Feb. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2006-0657

    Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before bei... Read more

    Affected Products : php_event_calendar
    • EPSS Score: %0.39
    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2008-2761

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and o... Read more

    Affected Products : absolute_banner_manager
    • EPSS Score: %0.36
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292522 Results