Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-5169

    Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.... Read more

    Affected Products : date
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6592

    Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2015-0389.... Read more

    Affected Products : fusion_middleware opensso
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4836

    Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : tririga_application_platform
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4771

    IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.... Read more

    Affected Products : websphere_mq
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4803

    CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote au... Read more

    Affected Products : curam_social_program_management
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2451

    Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.... Read more

    Affected Products : mysql
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-0905

    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a ... Read more

    Affected Products : vino
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-26071

    The SetFeatureEnabled.jspa resource in Jira Server and Data Center before version 8.5.13, from version 8.6.0 before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to enable and disable Jira Software configu... Read more

    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-2383

    An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middl... Read more

    Affected Products : itunes icloud
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2007-6303

    MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SE... Read more

    Affected Products : mysql mysql
    • Published: Dec. 10, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2022-24236

    An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.... Read more

    Affected Products : aria
    • Published: Mar. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-42700

    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.... Read more

    Affected Products : inkscape
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-0827

    The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.... Read more

    Affected Products : drupal
    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4791

    Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."... Read more

    Affected Products : exchange_server
    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3197

    Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the con... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 16, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-6721

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.... Read more

    • Published: Dec. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6033

    Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.... Read more

    Affected Products : c52x c53x c920 c935dn e250 e350 e450 t64x w840
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6301

    Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated ... Read more

    Affected Products : algo_one
    • Published: Mar. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6725

    Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTM... Read more

    Affected Products : websphere_application_server
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0178

    Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potenti... Read more

    Affected Products : samba
    • Published: May. 28, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292795 Results