Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-3363

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.... Read more

    Affected Products : unified_communications_manager
    • Published: Sep. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-4826

    bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is... Read more

    Affected Products : quagga
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-4836

    Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : tririga_application_platform
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4803

    CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote au... Read more

    Affected Products : curam_social_program_management
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-2933

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4801

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U... Read more

    Affected Products : rational_quality_manager
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2005-3205

    Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the use... Read more

    Affected Products : database_server
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2014-4348

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a)... Read more

    Affected Products : phpmyadmin
    • Published: Jun. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-11058

    In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fi... Read more

    Affected Products : ubuntu_linux debian_linux freerdp
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-3013

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.... Read more

    Affected Products : curam_social_program_management
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2971

    Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.... Read more

    Affected Products : icomplaints
    • Published: Jul. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-2516

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table p... Read more

    Affected Products : database database_server
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4787

    Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via un... Read more

    Affected Products : initiate_master_data_service
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4245

    Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2019-4271

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243.... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 17, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-6159

    IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE sta... Read more

    Affected Products : db2
    • Published: Nov. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-30261

    Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) ... Read more

    Affected Products : fedora undici
    • Published: Apr. 04, 2024
    • Modified: Dec. 18, 2024

  • 3.5

    LOW
    CVE-2021-25740

    A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.... Read more

    Affected Products : kubernetes
    • Published: Sep. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-6093

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_portal
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6237

    Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : news_pack
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292769 Results