Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-6074

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to ... Read more

    Affected Products : jenkins jenkins
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0933

    Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.... Read more

    Affected Products : sharelatex
    • Published: Mar. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8909

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbit... Read more

    Affected Products : websphere_portal
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1516

    Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : realpresence_cloudaxis_suite
    • Published: Sep. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0485

    Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1621

    Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webform_prepopulate_block
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8772

    Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : x3_cms
    • Published: Dec. 03, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0216

    access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0212

    Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0364

    Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2019-10155

    The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity check value ... Read more

    • Published: Jun. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-2335

    Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Creat... Read more

    Affected Products : database database_server
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-31224

    SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies.... Read more

    Affected Products : endpoint_security
    • Published: Jul. 13, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-36181

    A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data... Read more

    Affected Products : fortiportal
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-0606

    Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to en... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-29181

    Strapi is an open-source content management system. Prior to version 4.19.1, a super admin can create a collection where an item in the collection has an association to another collection. When this happens, another user with Author Role can see the list ... Read more

    Affected Products : strapi
    • Published: Jun. 12, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-0967

    Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows... Read more

    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9505

    Cross-site scripting (XSS) vulnerability in the School Administration module 7.x-1.x before 7.x-1.8 for Drupal allows remote authenticated users with permission to create or edit a class node to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : school_administration
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-0468

    Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-... Read more

    • Published: Jul. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-49760

    External control of file name or path in Windows Storage allows an authorized attacker to perform spoofing over a network.... Read more

    • Published: Jul. 08, 2025
    • Modified: Jul. 16, 2025
    • Vuln Type: Path Traversal
Showing 20 of 292811 Results