Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-8893

    Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.19
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-1942

    Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HT... Read more

    Affected Products : quiz quiz
    • EPSS Score: %0.34
    • Published: Jun. 05, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-12273

    The Calculated Fields Form WordPress plugin before 5.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is di... Read more

    Affected Products : calculated_fields_form
    • Published: Apr. 29, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2012-4584

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive in... Read more

    • EPSS Score: %0.16
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0128

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different... Read more

    Affected Products : rational_quality_manager
    • EPSS Score: %0.17
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-2206

    The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field... Read more

    Affected Products : websphere_mq
    • EPSS Score: %7.72
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4848

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Foundations Start before 1.2.2c allow remote authenticated users to inject arbitrary web script or HTML via a Webconfig Users user-attribute field, as demonstrated by the (1) First Name or (... Read more

    Affected Products : lotus_foundations_start
    • EPSS Score: %0.17
    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-8622

    Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.... Read more

    Affected Products : compfight
    • EPSS Score: %0.28
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3096

    Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management before 6.0.5.5a allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : curam_social_program_management
    • EPSS Score: %0.17
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-4371

    Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web... Read more

    Affected Products : drupal
    • EPSS Score: %0.17
    • Published: Dec. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-0130

    Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Quality Manager (RQM) 4.x before 4.0.7 IF6 and 5.x before 5.0.... Read more

    • EPSS Score: %0.17
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-6299

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2... Read more

    Affected Products : joomla
    • EPSS Score: %0.01
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-6821

    myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified... Read more

    Affected Products : enews
    • EPSS Score: %3.86
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-5174

    The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : netweaver_business_warehouse
    • EPSS Score: %0.45
    • Published: Jul. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2005-4191

    Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description,... Read more

    Affected Products : nag_task_list_manager_h3
    • EPSS Score: %0.37
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2025-1622

    The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025

  • 3.5

    LOW
    CVE-2024-0351

    A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack ... Read more

    Affected Products : engineers_online_portal
    • EPSS Score: %0.05
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4836

    Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.19
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-1628

    Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal supercron
    • EPSS Score: %0.21
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0472

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.15
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291712 Results