Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2023-49578

    SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integr... Read more

    Affected Products : cloud_connector
    • Published: Dec. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-5411

    Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : clearscada scada_expert_clearscada
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-3903

    Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, whe... Read more

    Affected Products : p_b_x pbx
    • Published: Sep. 04, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-4340

    Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/p... Read more

    Affected Products : symphony_cms
    • Published: Feb. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-0743

    Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrar... Read more

    • Published: Feb. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2610

    Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.... Read more

    Affected Products : drupal links_package
    • Published: Jul. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-5446

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from t... Read more

    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0809

    The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the ... Read more

    Affected Products : enovia_smarteam catia
    • Published: Mar. 04, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0817

    Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML... Read more

    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-5026

    Microsoft SharePoint uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-si... Read more

    Affected Products : sharepoint_server
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-2802

    Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.... Read more

    Affected Products : mantisbt
    • Published: Sep. 07, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0081

    Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381.... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-1548

    The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished n... Read more

    Affected Products : ctools
    • Published: May. 21, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-1107

    Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."... Read more

    Affected Products : drupal recent_comments
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0801

    Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller p... Read more

    Affected Products : joomla\! com_autartitarot
    • Published: Mar. 02, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3303

    Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a ... Read more

    Affected Products : mantisbt
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-2697

    Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are ... Read more

    Affected Products : community_software
    • Published: Jul. 12, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0716

    _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated user... Read more

    Affected Products : sharepoint_server
    • Published: Feb. 26, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3266

    Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the i... Read more

    Affected Products : bugtracker.net
    • Published: Dec. 02, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0155

    CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HT... Read more

    • Published: Sep. 14, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293186 Results