Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-8349

    Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.... Read more

    Affected Products : liferay_portal
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1621

    Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webform_prepopulate_block
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0707

    Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCus85425.... Read more

    Affected Products : firesight_system_software
    • Published: Apr. 23, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1054

    Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.... Read more

    Affected Products : crea8social
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1617

    Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : data_loss_prevention_endpoint
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1633

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web sc... Read more

    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0216

    access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3369

    Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a bl... Read more

    Affected Products : taxonews
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3344

    Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : course
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0212

    Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0128

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different... Read more

    Affected Products : rational_quality_manager
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3360

    Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : term_merge
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8326

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table ... Read more

    Affected Products : phpmyadmin opensuse
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0131

    Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to inject ar... Read more

    Affected Products : leads
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0103

    Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML v... Read more

    Affected Products : business_process_manager
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3368

    Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary... Read more

    Affected Products : classified_ads
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2677

    Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) ... Read more

    Affected Products : ocportal
    • Published: Mar. 23, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0125

    Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML v... Read more

    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2649

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.22, and 15.0 allows remote authenticated users to affect confidentiality via vectors related to UIF Open UI.... Read more

    Affected Products : siebel_crm
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2273

    Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292768 Results