Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-3393

    Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.... Read more

    Affected Products : moodle
    • Published: Jul. 23, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3316

    Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Requ... Read more

    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1653

    Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."... Read more

    • Published: Sep. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2214

    proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests... Read more

    Affected Products : pidgin
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0746

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB),... Read more

    • Published: Sep. 10, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1704

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-Ba... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1588

    Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via ... Read more

    Affected Products : drupal
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3924

    The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP ove... Read more

    Affected Products : ios
    • Published: Sep. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2271

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1417

    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.... Read more

    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-1651

    Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal submenu_tree
    • Published: Sep. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3476

    Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors r... Read more

    Affected Products : ushahidi_platform
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2725

    classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and con... Read more

    Affected Products : drupal 6.x-1.0
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3529

    The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2243

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect integrity, related to SYSDBA.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2206

    The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field... Read more

    Affected Products : websphere_mq
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-14771

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with net... Read more

    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-3310

    IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication p... Read more

    Affected Products : tivoli_federated_identity_manager
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4235

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2021-22193

    An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.... Read more

    Affected Products : gitlab
    • Published: Mar. 24, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293932 Results