Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2011-3978

    Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment a... Read more

    Affected Products : lightneasy
    • EPSS Score: %0.35
    • Published: Oct. 04, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-5491

    The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission.... Read more

    Affected Products : dynamic_display_block
    • EPSS Score: %0.18
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0874

    Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.... Read more

    Affected Products : content_navigator
    • EPSS Score: %0.19
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8318

    Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.20, 7.x-3.x before 7.x-3.20, and 7.x-4.x before 7.x-4.0-beta2 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML ... Read more

    Affected Products : webform
    • EPSS Score: %0.27
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2019-2899

    Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attack... Read more

    • EPSS Score: %0.37
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-5949

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.... Read more

    Affected Products : tivoli_service_desk
    • EPSS Score: %0.30
    • Published: Nov. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-5055

    Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting ... Read more

    Affected Products : otrs
    • EPSS Score: %0.10
    • Published: Mar. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-5500

    Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : navigate
    • EPSS Score: %0.14
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-3993

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.25
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-3874

    Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details... Read more

    Affected Products : vanilla
    • EPSS Score: %0.34
    • Published: Aug. 29, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-5996

    Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a... Read more

    Affected Products : drupal simplenews
    • EPSS Score: %0.15
    • Published: Jan. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-1949

    Cross-site scripting (XSS) vulnerability in the safe_html filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-201... Read more

    Affected Products : plone
    • EPSS Score: %0.37
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-5999

    Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the... Read more

    Affected Products : drupal ajax_checklist
    • EPSS Score: %0.16
    • Published: Jan. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-4270

    Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.... Read more

    Affected Products : efront
    • EPSS Score: %0.18
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-8897

    Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 b... Read more

    • EPSS Score: %0.17
    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-4083

    Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained f... Read more

    Affected Products : brim
    • EPSS Score: %0.21
    • Published: Sep. 15, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-1828

    Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms.... Read more

    Affected Products : webapp
    • EPSS Score: %0.36
    • Published: Apr. 03, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-0122

    Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different v... Read more

    Affected Products : rational_team_concert
    • EPSS Score: %0.19
    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3840

    Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folde... Read more

    Affected Products : mayan_edms
    • EPSS Score: %1.25
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-8919

    An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal ... Read more

    Affected Products : gerrit
    • EPSS Score: %0.08
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291739 Results