Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-5326

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web scr... Read more

    Affected Products : coldfusion
    • EPSS Score: %0.49
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4864

    Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.... Read more

    • EPSS Score: %0.35
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-2101

    Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request tha... Read more

    Affected Products : nova
    • EPSS Score: %0.88
    • Published: Jun. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0172

    Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifyi... Read more

    Affected Products : samba
    • EPSS Score: %0.21
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3629

    Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via un... Read more

    Affected Products : typo3
    • EPSS Score: %0.29
    • Published: Nov. 02, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-6421

    Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.... Read more

    Affected Products : http_server
    • EPSS Score: %3.77
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-1588

    Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via ... Read more

    Affected Products : drupal
    • EPSS Score: %0.84
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-6037

    Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authentica... Read more

    • EPSS Score: %10.64
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-5250

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote aut... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.35
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-0505

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.... Read more

    • EPSS Score: %0.56
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-3933

    Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.... Read more

    Affected Products : opencms
    • EPSS Score: %0.48
    • Published: Jul. 31, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2012-5339

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.26
    • Published: Oct. 25, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3197

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.... Read more

    • EPSS Score: %0.32
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-7812

    Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.... Read more

    Affected Products : satellite spacewalk manager
    • EPSS Score: %0.21
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7295

    The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via cr... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.31
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5026

    Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method... Read more

    Affected Products : debian_linux opensuse cacti
    • EPSS Score: %0.35
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-2102

    MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.... Read more

    Affected Products : mysql mysql
    • EPSS Score: %0.83
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-3906

    An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.21
    • Published: Sep. 29, 2023
    • Modified: May. 05, 2025

  • 3.5

    LOW
    CVE-2020-2694

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multipl... Read more

    • EPSS Score: %0.59
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-0598

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.... Read more

    • EPSS Score: %0.41
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291672 Results