Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-4669

    HP Enterprise Maps 1.00 allows remote authenticated users to read arbitrary files via a WSDL document containing an XML external entity declaration in conjunction with an entity reference within a GetQuote operation, related to an XML External Entity (XXE... Read more

    Affected Products : enterprise_maps
    • EPSS Score: %0.35
    • Published: Jun. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-5731

    Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.... Read more

    Affected Products : jakarta_slide
    • EPSS Score: %13.08
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-1979

    Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.... Read more

    Affected Products : syndeocms
    • EPSS Score: %0.93
    • Published: Apr. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3009

    The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier... Read more

    • EPSS Score: %0.14
    • Published: Aug. 01, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-2758

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parame... Read more

    Affected Products : absolute_news_manager_xe
    • EPSS Score: %0.36
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-3818

    Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed... Read more

    Affected Products : logintoboggan_module
    • EPSS Score: %0.19
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-1995

    Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.21
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-0579

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to C... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.36
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3069

    Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HT... Read more

    Affected Products : curam_social_program_management
    • EPSS Score: %0.16
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2269

    Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt o... Read more

    Affected Products : moodle
    • EPSS Score: %0.53
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4791

    Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.... Read more

    Affected Products : mysql
    • EPSS Score: %0.27
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1922

    The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified... Read more

    Affected Products : db2
    • EPSS Score: %0.23
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1944

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_portal
    • EPSS Score: %0.16
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-3301

    Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow... Read more

    Affected Products : bilboblog
    • EPSS Score: %0.40
    • Published: Jul. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-3177

    Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request.... Read more

    Affected Products : moodle
    • EPSS Score: %0.31
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-43755

    Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and aff... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 15, 2025

  • 3.5

    LOW
    CVE-2015-4078

    Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (... Read more

    Affected Products : cloudera_manager navigator
    • EPSS Score: %0.24
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-0364

    Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.... Read more

    Affected Products : siebel_crm
    • EPSS Score: %0.42
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2760

    Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : data_loss_prevention_endpoint
    • EPSS Score: %0.18
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9739

    Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.... Read more

    Affected Products : node_field
    • EPSS Score: %0.16
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291891 Results