Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-26865

    Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: from 18.12.17 before 18.12.18.   It's a regression between 18.12.17 and 18.12.18. In case you use something like that, ... Read more

    Affected Products : ofbiz
    • Published: Mar. 10, 2025
    • Modified: Jun. 23, 2025

  • 3.5

    LOW
    CVE-2022-23056

    In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack.... Read more

    Affected Products : erpnext erpnext
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2022-38163

    A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.... Read more

    Affected Products : safe
    • Published: Nov. 07, 2022
    • Modified: May. 02, 2025

  • 3.5

    LOW
    CVE-2014-2091

    Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original dis... Read more

    Affected Products : atutor
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0437

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.... Read more

    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0178

    Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potenti... Read more

    Affected Products : samba
    • Published: May. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6725

    Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTM... Read more

    Affected Products : websphere_application_server
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-28838

    Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.... Read more

    Affected Products : opencart
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-6741

    IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Servi... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0134

    The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwrit... Read more

    Affected Products : nova compute
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7231

    Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.... Read more

    Affected Products : arcgis_server arcgis arcgis_for_server
    • Published: Dec. 30, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0897

    The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticate... Read more

    Affected Products : flex_system_manager
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-3720

    Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter.... Read more

    Affected Products : wordpress feedweb
    • Published: May. 31, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0405

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to... Read more

    Affected Products : vm_virtualbox
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0858

    IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.... Read more

    Affected Products : content_navigator
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7074

    Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbit... Read more

    Affected Products : typo3
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0850

    Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Reference Data Management (RDM) Hub 10.1 and 11.0 before 11.0.0.0-MDM-IF008 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0925

    Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.... Read more

    Affected Products : sterling_control_center
    • Published: May. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0843

    Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.... Read more

    Affected Products : rational_focal_point
    • Published: Feb. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0824

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change an... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293584 Results