Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-2381

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.... Read more

    Affected Products : roller
    • Published: Jun. 26, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1648

    The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via... Read more

    Affected Products : open-xchange_server
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-8899

    Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 b... Read more

    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4763

    Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary w... Read more

    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2403

    Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability th... Read more

    Affected Products : siebel_crm
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4536

    EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading thi... Read more

    Affected Products : documentum_content_server
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4807

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.... Read more

    Affected Products : fedora leap mysql mariadb opensuse solaris
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-54681

    Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2024-58248

    nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition with duplicate redeeming of gift cards.... Read more

    Affected Products : nopcommerce
    • Published: Apr. 16, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Race Condition

  • 3.5

    LOW
    CVE-2017-3320

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via... Read more

    Affected Products : mysql
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2008-1969

    Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) LookUPId and (2) CbFun parameters to (a) CFLookUP.asp; (3) TitleParms, (4) WidgetsHeights, (5) WidgetsLink... Read more

    Affected Products : cezanne
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-0544

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core, a... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-37109

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2013-6322

    Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-4360

    Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal_e-commerce_module
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2010-3093

    The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.... Read more

    Affected Products : drupal
    • Published: Sep. 21, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-6145

    Cross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: Jul. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-0871

    The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of serv... Read more

    Affected Products : asterisk open_source
    • Published: Mar. 11, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-0540

    IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not enabled, does not properly validate authentication cookies, which allows remote authenticated users to bypass intended access restrictions via an HTTP session.... Read more

    Affected Products : websphere_application_server
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0597

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecifie... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 21, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293601 Results