Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-5365

    Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field.... Read more

    Affected Products : zurmo_crm
    • EPSS Score: %0.16
    • Published: Jul. 02, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-5666

    WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.... Read more

    Affected Products : winftp_ftp_server
    • EPSS Score: %63.29
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-3591

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editin... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.18
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-5269

    Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.... Read more

    Affected Products : projectforge
    • EPSS Score: %0.22
    • Published: Jan. 02, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3782

    Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in ACG-PTP 1.0.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Category name field under Advertisement Packages, the (2) Reason field und... Read more

    Affected Products : acg_ptp
    • EPSS Score: %0.20
    • Published: Aug. 26, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-7227

    The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels.... Read more

    Affected Products : fieldable_panels_panes
    • EPSS Score: %0.13
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-5621

    Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modul... Read more

    • EPSS Score: %0.20
    • Published: Oct. 22, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2022-3343

    The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to infla... Read more

    Affected Products : discy wpqa_builder himer
    • EPSS Score: %0.16
    • Published: Jan. 09, 2023
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-1628

    Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal supercron
    • EPSS Score: %0.21
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-6299

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2... Read more

    Affected Products : joomla
    • EPSS Score: %0.01
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-6821

    myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified... Read more

    Affected Products : enews
    • EPSS Score: %3.86
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-6152

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : tivoli_integrated_portal
    • EPSS Score: %0.21
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-1622

    The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025

  • 3.5

    LOW
    CVE-2023-52371

    Vulnerability of null references in the motor module.Successful exploitation of this vulnerability may affect availability.... Read more

    Affected Products : emui harmonyos
    • Published: Feb. 18, 2024
    • Modified: Dec. 04, 2024

  • 3.5

    LOW
    CVE-2014-4836

    Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.19
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-37234

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.... Read more

    Affected Products :
    • Published: Jul. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-0351

    A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack ... Read more

    Affected Products : engineers_online_portal
    • EPSS Score: %0.05
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2006-7043

    Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gal... Read more

    Affected Products : chipmunk_blogger
    • EPSS Score: %0.20
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2019-2547

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privil... Read more

    Affected Products : database database_server
    • EPSS Score: %0.28
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-5930

    The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.... Read more

    Affected Products : leap postfixadmin
    • EPSS Score: %39.86
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291647 Results