Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2010-0370

    Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary ... Read more

    Affected Products : drupal nodeblock nodeblock
    • EPSS Score: %0.33
    • Published: Jan. 21, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-5202

    Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.... Read more

    Affected Products : compfight
    • EPSS Score: %0.14
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-10014

    Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network a... Read more

    Affected Products : hospitality_hotel_mobile
    • EPSS Score: %0.24
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-0521

    Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the ... Read more

    • EPSS Score: %0.10
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-2361

    Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via... Read more

    Affected Products : moodle
    • EPSS Score: %0.16
    • Published: Jul. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-23319

    Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.... Read more

    Affected Products : mattermost_server mattermost
    • EPSS Score: %0.09
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-5319

    Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.... Read more

    Affected Products : solaris
    • EPSS Score: %0.61
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-0478

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticate... Read more

    • EPSS Score: %0.17
    • Published: Feb. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4525

    Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML vi... Read more

    Affected Products : moodle
    • EPSS Score: %0.21
    • Published: Nov. 26, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-41663

    Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can in... Read more

    Affected Products : canarytokens
    • Published: Jul. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-8535

    A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • EPSS Score: %0.24
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-45916

    The programming function of Shockwall system has an improper input validation vulnerability. An authenticated attacker within the local area network can send malicious response to the server to disrupt the service partially.... Read more

    • EPSS Score: %0.08
    • Published: Jan. 03, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-29820

    In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible... Read more

    Affected Products : pycharm
    • EPSS Score: %0.00
    • Published: Apr. 28, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-24236

    An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.... Read more

    Affected Products : aria
    • EPSS Score: %0.25
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-37887

    Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise... Read more

    Affected Products : nextcloud_server notes
    • Published: Jun. 14, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-1150

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.... Read more

    Affected Products : db2
    • EPSS Score: %0.16
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-1890

    /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive to detect included keys, which might allow remote attacke... Read more

    Affected Products : general_parallel_file_system
    • EPSS Score: %0.15
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-30235

    Shearwater SecurEnvoy SecurAccess Enrol before 9.4.515 is intended to disable accounts that have had more than 10 failed authentication attempts, but instead allows hundreds of failed authentication attempts, because concurrent attempts are mishandled.... Read more

    Affected Products : securaccess
    • Published: Mar. 19, 2025
    • Modified: Mar. 19, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2013-0533

    Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • EPSS Score: %0.14
    • Published: Apr. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3840

    Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folde... Read more

    Affected Products : mayan_edms
    • EPSS Score: %1.25
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292316 Results