Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2011-3199

    Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DN... Read more

    Affected Products : domain_technologie_control
    • EPSS Score: %0.23
    • Published: Mar. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7217

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly ha... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.34
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1636

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint... Read more

    • EPSS Score: %7.90
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1871

    Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.... Read more

    Affected Products : satellite satellite
    • EPSS Score: %0.29
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4422

    wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to ... Read more

    Affected Products : wordpress
    • EPSS Score: %0.31
    • Published: Sep. 14, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4771

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.... Read more

    Affected Products : ubuntu_linux mysql
    • EPSS Score: %0.72
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4051

    Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.... Read more

    Affected Products : lotus_domino
    • EPSS Score: %0.17
    • Published: Nov. 08, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-8302

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.6, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via vectors related to dashboard.... Read more

    Affected Products : splunk
    • EPSS Score: %0.18
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-38870

    Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.... Read more

    Affected Products :
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2011-1504

    Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.... Read more

    Affected Products : liferay_portal portal
    • EPSS Score: %0.34
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3840

    Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folde... Read more

    Affected Products : mayan_edms
    • EPSS Score: %1.25
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-1150

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.... Read more

    Affected Products : db2
    • EPSS Score: %0.16
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2012-4954

    The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.... Read more

    Affected Products : vanilla_forums vanilla
    • EPSS Score: %0.32
    • Published: Nov. 15, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0122

    Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different v... Read more

    Affected Products : rational_team_concert
    • EPSS Score: %0.19
    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2023-41332

    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `... Read more

    Affected Products : cilium
    • EPSS Score: %0.03
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4279

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.15
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4587

    McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by sp... Read more

    • EPSS Score: %0.18
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0509

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2 and 5.3.0 through 5.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.19
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-47587

    Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 3.5

    LOW
    CVE-2013-6911

    Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : firefox internet_explorer garoon
    • EPSS Score: %0.23
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291921 Results