Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2016-6001

    IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.... Read more

    Affected Products : forms_experience_builder
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2016-5509

    Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows l... Read more

    Affected Products : flexcube_investor_servicing
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2021-25014

    The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Store... Read more

    Affected Products : ibtana
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-27601

    In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.... Read more

    Affected Products : bigbluebutton
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2025-37108

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2013-4007

    Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via unspeci... Read more

    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3740

    Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.... Read more

    Affected Products : spiceworks
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-3065

    Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.... Read more

    Affected Products : ea6500_firmware ea6500
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0840

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rational_focal_point
    • Published: Feb. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4938

    Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.... Read more

    Affected Products : pattern_insight
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-2827

    Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : spectrum spectrum
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4523

    Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.... Read more

    Affected Products : moodle
    • Published: Nov. 26, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-7274

    Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.... Read more

    Affected Products : wallpaperscript
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-0393

    Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : cpei300
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-2969

    Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters... Read more

    Affected Products : sterling_control_center
    • Published: Jun. 19, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0127

    IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users ... Read more

    Affected Products : leads
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-16142

    On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.... Read more

    Affected Products : comand c220
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2009-4514

    Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspe... Read more

    Affected Products : drupal shindigintegrator
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-1029

    Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.... Read more

    Affected Products : rational_team_concert
    • Published: Feb. 14, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3025

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; ... Read more

    • Published: Jul. 30, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292815 Results