Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2009-3262

    Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.... Read more

    Affected Products : tivoli_identity_manager
    • EPSS Score: %0.19
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2020-8588

    Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which could allow unauthorized tenant users to discover the existence of data on other Storage Virtual Machines (SVMs).... Read more

    • EPSS Score: %0.09
    • Published: Feb. 03, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-3920

    Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.... Read more

    Affected Products : jahia_xcm
    • EPSS Score: %0.16
    • Published: Nov. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4763

    Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary w... Read more

    • EPSS Score: %0.21
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-2406

    Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : openview_performance_insight
    • EPSS Score: %0.22
    • Published: Aug. 11, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4741

    Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the ... Read more

    Affected Products : claroline
    • EPSS Score: %0.18
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-0857

    Unspecified vulnerability in the Oracle Workflow Cartridge component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.38
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4813

    Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, whi... Read more

    Affected Products : drupal category_tokens
    • EPSS Score: %0.18
    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2971

    Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.... Read more

    Affected Products : icomplaints
    • EPSS Score: %0.34
    • Published: Jul. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2729

    Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects ta... Read more

    Affected Products : ektron_content_management_system
    • EPSS Score: %0.18
    • Published: Apr. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-5883

    Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.... Read more

    Affected Products : cpanel
    • EPSS Score: %1.36
    • Published: Nov. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-2955

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS i... Read more

    • EPSS Score: %0.17
    • Published: May. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-4654

    Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.... Read more

    Affected Products : instantcms icms2
    • EPSS Score: %0.04
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-3923

    The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session in... Read more

    Affected Products : ios
    • EPSS Score: %0.38
    • Published: Sep. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0129

    Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory" field or (2) the body of an e-mail autoresponder message... Read more

    Affected Products : pd-admin
    • EPSS Score: %0.21
    • Published: Apr. 19, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0124

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.19
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8743

    Multiple cross-site scripting (XSS) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) Role or (2) Organic Group name.... Read more

    Affected Products : maestro maestro
    • EPSS Score: %0.18
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1968

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : infosphere_master_data_management
    • EPSS Score: %0.17
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6745

    Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecif... Read more

    • EPSS Score: %0.18
    • Published: Dec. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2016-6539

    The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can... Read more

    Affected Products : trackr_firmware trackr
    • EPSS Score: %0.16
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291824 Results