Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-6915

    Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-18436

    cPanel before 64.0.21 allows demo accounts to read files via a Fileman::getfileactions API2 call (SEC-239).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-4132

    Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : clearpass_policy_manager
    • Published: May. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4944

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX003 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCl... Read more

    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-3486

    Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose... Read more

    Affected Products : junos junos
    • Published: Sep. 30, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-4372

    Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : image_title
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-4532

    Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.... Read more

    Affected Products : drupal webform
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-56082

    ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true.... Read more

    Affected Products :
    • Published: Dec. 15, 2024
    • Modified: Dec. 16, 2024

  • 3.5

    LOW
    CVE-2024-43446

    An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * (... Read more

    Affected Products : otrs
    • Published: Jan. 27, 2025
    • Modified: Jan. 27, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2024-10545

    The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered... Read more

    Affected Products : nextgen_gallery
    • Published: Feb. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2020-18463

    Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.... Read more

    Affected Products : aikcms
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-5509

    Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows l... Read more

    Affected Products : flexcube_investor_servicing
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2016-6001

    IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.... Read more

    Affected Products : forms_experience_builder
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2025-37108

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2022-20330

    In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not need... Read more

    Affected Products : android
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-8481

    Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote... Read more

    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-27601

    In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.... Read more

    Affected Products : bigbluebutton
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-29066

    The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.... Read more

    • Published: Nov. 28, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2019-2793

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1-12.0.3, 12.1.0-12.4.0 and 14.0.0-14.2.0. Easily exploitable vulnerab... Read more

    Affected Products : flexcube_universal_banking
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-5301

    SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP ... Read more

    Affected Products : simplesamlphp
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292885 Results