Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2017-7517

    An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then crea... Read more

    Affected Products : openshift
    • EPSS Score: %0.24
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 3.5

    LOW
    CVE-2016-5618

    Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Cod... Read more

    Affected Products : data_integrator
    • EPSS Score: %0.18
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-27601

    In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.... Read more

    Affected Products : bigbluebutton
    • EPSS Score: %0.31
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-0370

    Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.... Read more

    Affected Products : forms_experience_builder
    • EPSS Score: %0.16
    • Published: Sep. 01, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-0090

    Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092.... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.14
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0108

    Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.14
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0128

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.17
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-0086

    Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.14
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3210

    Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.8 and 6.x before 6.x-1.8, a module for Drupal, allow remote authenticated users to inject arbitrary web script or HTML via unsp... Read more

    Affected Products : drupal print
    • EPSS Score: %0.34
    • Published: Sep. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-7286

    IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.... Read more

    Affected Products : lotus_quickr lotus_domino
    • EPSS Score: %0.34
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0130

    Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.... Read more

    • EPSS Score: %0.17
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-5942

    Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject content, and conduct phishing attacks... Read more

    • EPSS Score: %0.19
    • Published: Mar. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1842

    Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote att... Read more

    • EPSS Score: %0.83
    • Published: Mar. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1727

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Rep... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.38
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3949

    Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vect... Read more

    Affected Products : typo3 gridelements
    • EPSS Score: %0.20
    • Published: Jun. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2022-45819

    Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1.... Read more

    Affected Products : popup_maker
    • Published: Dec. 13, 2024
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-2632

    Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.... Read more

    Affected Products : bytehoard
    • EPSS Score: %0.39
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2021-20761

    Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.... Read more

    Affected Products : garoon
    • EPSS Score: %0.15
    • Published: Aug. 18, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-18463

    Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.... Read more

    Affected Products : aikcms
    • EPSS Score: %0.10
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-25014

    The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Store... Read more

    Affected Products : ibtana
    • EPSS Score: %0.14
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291775 Results