Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-2108

    Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : operations_orchestration
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-0716

    _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated user... Read more

    Affected Products : sharepoint_server
    • Published: Feb. 26, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0606

    Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.... Read more

    Affected Products : osticket
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0697

    Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML vi... Read more

    Affected Products : drupal itweak_upload
    • Published: Feb. 23, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-0809

    The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the ... Read more

    Affected Products : enovia_smarteam catia
    • Published: Mar. 04, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0817

    Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML... Read more

    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-0081

    Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381.... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0801

    Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller p... Read more

    Affected Products : joomla\! com_autartitarot
    • Published: Mar. 02, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-0743

    Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrar... Read more

    • Published: Feb. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-4105

    TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (crash) by sending an APPE (append) command immediately followed by a DELE (delete) command without sending file data in between these two commands.... Read more

    Affected Products : typsoft_ftp_server
    • Published: Nov. 29, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-1107

    Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."... Read more

    Affected Products : drupal recent_comments
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-5059

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PS... Read more

    Affected Products : lotus_quickr lotus_domino
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0155

    CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HT... Read more

    • Published: Sep. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-5062

    IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.... Read more

    Affected Products : aix lotus_quickr lotus_domino
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-2610

    Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.... Read more

    Affected Products : drupal links_package
    • Published: Jul. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-0427

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.... Read more

    Affected Products : mysql
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2149

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5448

    Cross-site scripting (XSS) vulnerability in the Right Click Plugin context menus in IBM Security QRadar SIEM 7.1 and 7.2 before 7.2 MR1 Patch 1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0334

    Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) ... Read more

    Affected Products : cms_made_simple
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0348

    The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitra... Read more

    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293250 Results