Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-2827

    Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : spectrum spectrum
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7274

    Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.... Read more

    Affected Products : wallpaperscript
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4938

    Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.... Read more

    Affected Products : pattern_insight
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-41332

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `... Read more

    Affected Products : cilium
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-4954

    The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.... Read more

    Affected Products : vanilla_forums vanilla
    • Published: Nov. 15, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-1890

    /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attacke... Read more

    Affected Products : general_parallel_file_system
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3840

    Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folde... Read more

    Affected Products : mayan_edms
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-10515

    In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor... Read more

    Affected Products : seo_plugin_by_squirrly_seo
    • Published: Nov. 20, 2024
    • Modified: Mar. 31, 2025

  • 3.5

    LOW
    CVE-2012-0509

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2 and 5.3.0 through 5.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-1150

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.... Read more

    Affected Products : db2
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-0122

    Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different v... Read more

    Affected Products : rational_team_concert
    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-30235

    Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.... Read more

    Affected Products : securaccess
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2025-25899

    A buffer overflow vulnerability was discovered in TP-Link TL-WR841ND V11 via the 'gw' parameter at /userRpm/WanDynamicIpV6CfgRpm.htm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.... Read more

    • Published: Feb. 13, 2025
    • Modified: Jun. 20, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2012-3224

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE.... Read more

    Affected Products : financial_services_software
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2365

    Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.... Read more

    Affected Products : moodle
    • Published: Jul. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-33000

    SAP Bank Account Management does not perform necessary authorization check for an authorized user, resulting in escalation of privileges. As a result, it has a low impact to confidentiality to the system.... Read more

    Affected Products :
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-9017

    Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.... Read more

    Affected Products : openkm
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-30107

    HCL Connections contains a broken access control vulnerability that may expose sensitive information to unauthorized users in certain scenarios. ... Read more

    Affected Products : connections
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-0913

    Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : easyctf
    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2022-23074

    In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the ‘Name’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged... Read more

    Affected Products : recipes
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292860 Results