Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-1676

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Virtual... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.19
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6734

    IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same we... Read more

    Affected Products : websphere_extreme_scale_client
    • EPSS Score: %0.16
    • Published: Feb. 22, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0968

    Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows... Read more

    • EPSS Score: %0.17
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-0531

    Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.32
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3142

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE.... Read more

    Affected Products : financial_services_software
    • EPSS Score: %0.22
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-33007

    PDFViewer is a control delivered as part of SAPUI5 product which shows the PDF content in an embedded mode by default. If a PDF document contains embedded JavaScript (or any harmful client-side script), the PDFViewer will execute the JavaScript embedded i... Read more

    Affected Products : sapui5
    • Published: May. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-6494

    Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mango_automation
    • EPSS Score: %0.42
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-1131

    Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.... Read more

    Affected Products : drupal
    • EPSS Score: %0.25
    • Published: Mar. 04, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-6145

    Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %0.17
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-4717

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUse... Read more

    Affected Products : claroline
    • EPSS Score: %1.42
    • Published: Sep. 05, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-4337

    Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.... Read more

    Affected Products : xcloner
    • EPSS Score: %0.18
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2347

    Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.... Read more

    Affected Products : misecuremessages
    • EPSS Score: %4.58
    • Published: May. 06, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4917

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.15
    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5497

    Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_links
    • EPSS Score: %0.15
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0451

    Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents.... Read more

    Affected Products : fusion_middleware opensso
    • EPSS Score: %0.14
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-3559

    Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FU... Read more

    Affected Products : phpfusion php-fusion
    • EPSS Score: %0.23
    • Published: Jul. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-4354

    Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ubercart_webform_integration
    • EPSS Score: %0.18
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-4624

    MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.... Read more

    Affected Products : mybb
    • EPSS Score: %0.57
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-3519

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.19
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-2849

    Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : trailscout_module
    • EPSS Score: %0.15
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291779 Results