Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-4803

    CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote au... Read more

    Affected Products : curam_social_program_management
    • EPSS Score: %0.14
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-35777

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.... Read more

    Affected Products : woocommerce
    • Published: Jul. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-5541

    Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.... Read more

    • EPSS Score: %0.18
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4888

    The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a c... Read more

    Affected Products : xwiki
    • EPSS Score: %0.05
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-4763

    Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary w... Read more

    • EPSS Score: %0.21
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2464

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.17
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-3920

    Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.... Read more

    Affected Products : jahia_xcm
    • EPSS Score: %0.16
    • Published: Nov. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6743

    Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.... Read more

    Affected Products : sametime sametime_meeting_server
    • EPSS Score: %0.19
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4204

    Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.38
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8899

    Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 b... Read more

    • EPSS Score: %0.14
    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1925

    The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.... Read more

    Affected Products : ctools
    • EPSS Score: %0.42
    • Published: Jul. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-5883

    Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.... Read more

    Affected Products : cpanel
    • EPSS Score: %1.36
    • Published: Nov. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4741

    Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the ... Read more

    Affected Products : claroline
    • EPSS Score: %0.18
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-4813

    Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, whi... Read more

    Affected Products : drupal category_tokens
    • EPSS Score: %0.18
    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3032

    Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • EPSS Score: %0.17
    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-1732

    Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknow... Read more

    Affected Products : wordpress
    • EPSS Score: %0.39
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-2406

    Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : openview_performance_insight
    • EPSS Score: %0.22
    • Published: Aug. 11, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2971

    Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.... Read more

    Affected Products : icomplaints
    • EPSS Score: %0.34
    • Published: Jul. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7025

    Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to injec... Read more

    • EPSS Score: %2.02
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6003

    CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.22
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291902 Results