Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-4065

    Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-ne... Read more

    Affected Products : landing_pages_plugin landing_pages
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-5833

    Multiple cross-site scripting (XSS) vulnerabilities in BosDev BosMarket Business Directory System allow remote authenticated users to inject arbitrary web script or HTML via (1) user info (account details) or (2) a post.... Read more

    • Published: Nov. 05, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-0451

    Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents.... Read more

    Affected Products : fusion_middleware opensso
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-3923

    The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session in... Read more

    Affected Products : ios
    • Published: Sep. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-3376

    Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : quizzler
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-2849

    Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : trailscout_module
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-6299

    Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated ... Read more

    Affected Products : algo_one
    • Published: Mar. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-5388

    Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the White Label CMS plugin 1.5 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wlcms_o_developer_name parameter in a save action to wp-... Read more

    Affected Products : wordpress white-label-cms
    • Published: Oct. 24, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-1040

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2... Read more

    Affected Products : bedita
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6913

    Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : internet_explorer garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-6494

    Cross-site scripting (XSS) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mango_automation
    • Published: Oct. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-5190

    NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when configured as a SAML 2.0 Identity Server with Virtual Attributes, has a concurrency issue causing information leakage, related to a stale profile.... Read more

    Affected Products : access_manager
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-3490

    Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vu... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-5607

    Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace... Read more

    Affected Products : splunk
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2012-0827

    The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.... Read more

    Affected Products : drupal
    • Published: Oct. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-3264

    Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise S... Read more

    Affected Products : siebel_ui_framework
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2024-47799

    Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information o... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 12, 2024

  • 3.5

    LOW
    CVE-2017-3468

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access vi... Read more

    Affected Products : mysql mysql_server
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2011-3507

    Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-47526

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script execu... Read more

    Affected Products : librenms
    • Published: Oct. 01, 2024
    • Modified: Dec. 19, 2024
Showing 20 of 293673 Results