Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-7230

    The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node.... Read more

    Affected Products : workbench_email
    • EPSS Score: %0.14
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-2327

    Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.... Read more

    Affected Products : kervinet_forum
    • EPSS Score: %0.16
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0359

    Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.... Read more

    Affected Products : samizdat
    • EPSS Score: %0.34
    • Published: Feb. 17, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-3111

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.38
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-1481

    Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.... Read more

    Affected Products : pmwiki
    • EPSS Score: %0.20
    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-4513

    Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via ... Read more

    Affected Products : drupal workflow
    • EPSS Score: %0.34
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-0297

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/set... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.18
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4392

    Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to field display settings.... Read more

    Affected Products : display_suite
    • EPSS Score: %0.20
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4132

    Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %0.28
    • Published: May. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-0124

    Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before 4.7.5, when MySQL is used, allows remote authenticated users to cause a denial of service by poisoning the page cache via unspecified vectors, which triggers erroneous 404 HTTP errors for p... Read more

    Affected Products : drupal
    • EPSS Score: %0.86
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-3591

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editin... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.18
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4372

    Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : image_title
    • EPSS Score: %0.15
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-1829

    Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.... Read more

    Affected Products : autoform_pdm_archive
    • EPSS Score: %0.39
    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-2610

    Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.... Read more

    Affected Products : drupal links_package
    • EPSS Score: %0.34
    • Published: Jul. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-2086

    Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.... Read more

    Affected Products : panopoly_magic
    • EPSS Score: %0.21
    • Published: Feb. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2289

    Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity[cat][name] parameter to serendipity_admin.php, when cre... Read more

    Affected Products : serendipity
    • EPSS Score: %0.34
    • Published: Mar. 23, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1516

    Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : realpresence_cloudaxis_suite
    • EPSS Score: %0.16
    • Published: Sep. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-6775

    acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.... Read more

    Affected Products : acftp
    • EPSS Score: %4.22
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-5666

    WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.... Read more

    Affected Products : winftp_ftp_server
    • EPSS Score: %63.29
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-5621

    Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modul... Read more

    • EPSS Score: %0.20
    • Published: Oct. 22, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291750 Results