Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-2310

    Cross-site scripting (XSS) vulnerability in the cctags module for Drupal 6.x-1.x before 6.x-1.10 and 7.x-1.x before 7.x-1.10 allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal cctags
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-2159

    Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Frameworks). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTT... Read more

    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-30950

    A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.... Read more

    Affected Products : fudforum
    • Published: Apr. 17, 2024
    • Modified: Jun. 10, 2025

  • 3.5

    LOW
    CVE-2024-6620

    Honeywell PC42t, PC42tp, and PC42d Printers, T10.19.020016 to T10.20.060398, contain a cross-site scripting vulnerability. A(n) attacker could potentially inject malicious code which may lead to information disclosure, session theft, or client-side reques... Read more

    Affected Products :
    • Published: Jul. 29, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-8481

    Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote... Read more

    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-3920

    The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more

    Affected Products : flattr
    • Published: May. 23, 2024
    • Modified: May. 21, 2025

  • 3.5

    LOW
    CVE-2009-4159

    Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unsp... Read more

    Affected Products : typo3 direct_mail
    • Published: Dec. 02, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-2021

    Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the cli... Read more

    Affected Products : vbulletin
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7292

    VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass Active Directory (AD) authentication by entering only a DIGIPASS one-time password, instead of the intended combination of this one-time password and a multiple-... Read more

    Affected Products : identikey_authentication_server
    • Published: Jan. 13, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-1999-1590

    Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.... Read more

    Affected Products : wwwcount
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2016-4027

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced pr... Read more

    Affected Products : open-xchange_appsuite
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1547

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE.... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0914

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 6.x and 7.x through 7.5.0.6, Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 6.2 t... Read more

    • Published: Jul. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7250

    Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicke... Read more

    Affected Products : projectforge
    • Published: Jan. 02, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-8920

    An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an att... Read more

    Affected Products : gerrit
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-0537

    The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges.... Read more

    • Published: Nov. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-6549

    Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : netbackup_opscenter
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8312

    Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.... Read more

    Affected Products : netweaver_abap
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8745

    Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a ta... Read more

    Affected Products : custom_search_module
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8913

    Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vu... Read more

    Affected Products : business_process_manager
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293562 Results