Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2009-4532

    Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.... Read more

    Affected Products : drupal webform
    • EPSS Score: %0.34
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-49810

    Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts... Read more

    Affected Products : mattermost_server
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2014-8622

    Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.... Read more

    Affected Products : compfight
    • EPSS Score: %0.28
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-1942

    Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HT... Read more

    Affected Products : quiz quiz
    • EPSS Score: %0.34
    • Published: Jun. 05, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-7043

    Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gal... Read more

    Affected Products : chipmunk_blogger
    • EPSS Score: %0.20
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-4500

    The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact.... Read more

    Affected Products : drupal announcements
    • EPSS Score: %0.35
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-6152

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : tivoli_integrated_portal
    • EPSS Score: %0.21
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4584

    McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not properly encrypt system-backup data, which makes it easier for remote authenticated users to obtain sensitive in... Read more

    • EPSS Score: %0.16
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-6821

    myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified... Read more

    Affected Products : enews
    • EPSS Score: %3.86
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-37234

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.... Read more

    Affected Products :
    • Published: Jul. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-5319

    Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.... Read more

    Affected Products : solaris
    • EPSS Score: %0.61
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-5276

    Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.... Read more

    Affected Products : text_chat_rooms text_chat_rooms
    • EPSS Score: %0.81
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-2909

    Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin 3.6.x before 3.6.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_calendar366_xss_fix_plugin.xml update.... Read more

    Affected Products : vbulletin vbulletin
    • EPSS Score: %0.17
    • Published: May. 30, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0743

    Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrar... Read more

    • EPSS Score: %0.23
    • Published: Feb. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-6151

    CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.... Read more

    Affected Products : tivoli_integrated_portal
    • EPSS Score: %0.23
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8376

    Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web scri... Read more

    Affected Products : site_banner
    • EPSS Score: %0.20
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-0827

    Unspecified vulnerability in the PeopleSoft Enterprise component in Oracle PeopleSoft Products 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07 allows remote authenticated users to affect integrity via unknown vectors related to PeopleTools.... Read more

    • EPSS Score: %0.15
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4819

    Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : icewall_sso_agent_option
    • EPSS Score: %0.18
    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2016-0473

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via unknown vectors related to Fluid Core.... Read more

    • EPSS Score: %0.15
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-0684

    Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.... Read more

    Affected Products : activemq
    • EPSS Score: %0.29
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 291739 Results