Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-0407

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3167

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.... Read more

    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2022-1981

    An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that... Read more

    Affected Products : gitlab
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-3390

    lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block... Read more

    Affected Products : moodle
    • Published: Jul. 23, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4730

    Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.... Read more

    Affected Products : rt request_tracker
    • Published: Nov. 11, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-6525

    Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Tem... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3174

    mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gr... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2522

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability."... Read more

    Affected Products : sharepoint_foundation
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2003-1463

    Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arb... Read more

    Affected Products : webadmin all_windows
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2016-8016

    Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.... Read more

    Affected Products : virusscan_enterprise
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2014-4251

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1.... Read more

    Affected Products : http_server fusion_middleware
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6487

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.... Read more

    Affected Products : identity_manager fusion_middleware
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0862

    Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as... Read more

    Affected Products : rabbitmq_management
    • Published: Jan. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4756

    The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.... Read more

    Affected Products : rational_license_key_server
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4770

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-8651

    An input validation flaw was found in the way OpenShift 3 handles requests for images. A user, with a copy of the manifest associated with an image, can pull an image even if they do not have access to the image normally, resulting in the disclosure of an... Read more

    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-1619

    Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web sc... Read more

    Affected Products : email_gateway
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-5930

    The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.... Read more

    Affected Products : leap postfixadmin
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2024-13122

    The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa... Read more

    Affected Products : advanced_form_integration
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-13123

    The AFI WordPress plugin before 1.100.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for exa... Read more

    Affected Products : advanced_form_integration
    • Published: Mar. 25, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293284 Results