Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2010-4427

    Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4547

    IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended a... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-13261

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3.... Read more

    Affected Products : dam
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2023-3906

    An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.... Read more

    Affected Products : gitlab
    • Published: Sep. 29, 2023
    • Modified: May. 05, 2025

  • 3.5

    LOW
    CVE-2010-1481

    Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.... Read more

    Affected Products : pmwiki
    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3266

    Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the i... Read more

    Affected Products : bugtracker.net
    • Published: Dec. 02, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0084

    Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-15103

    In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly acc... Read more

    • Published: Jul. 27, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2010-3512

    Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3303

    Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a ... Read more

    Affected Products : mantisbt
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-2802

    Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.... Read more

    Affected Products : mantisbt
    • Published: Sep. 07, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-57611

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.... Read more

    Affected Products : 07flycms
    • Published: Jan. 16, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2008-1330

    Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the ... Read more

    Affected Products : groupwise
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-1627

    CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.... Read more

    Affected Products : invenio
    • Published: Apr. 02, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-48219

    O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Iden... Read more

    Affected Products :
    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2015-6354

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338.... Read more

    Affected Products : firesight_system_software
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5690

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment... Read more

    Affected Products : open-xchange_appsuite
    • Published: Oct. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3617

    The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces,... Read more

    Affected Products : openbravo_erp
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6307

    Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6237

    The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.... Read more

    Affected Products : isl_desktop_plugin isl_light
    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293358 Results