Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2007-4826

    bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is... Read more

    Affected Products : quagga
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-3475

    Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user emai... Read more

    Affected Products : opensuse horizon
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2971

    Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.... Read more

    Affected Products : icomplaints
    • Published: Jul. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3013

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam Social Program Management 4.5 SP10 through 6.0.5.4 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to a (1) custom JSP or (2) custom renderer.... Read more

    Affected Products : curam_social_program_management
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-7232

    sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2020-2933

    Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-2516

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table p... Read more

    Affected Products : database database_server
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-1808

    Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.... Read more

    Affected Products : openshift jenkins
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-11058

    In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fi... Read more

    Affected Products : ubuntu_linux debian_linux freerdp
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-3943

    Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary... Read more

    Affected Products : typo3
    • Published: Jun. 03, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3363

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.... Read more

    Affected Products : unified_communications_manager
    • Published: Sep. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-28838

    Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attacker to add cart items via Add to cart.... Read more

    Affected Products : opencart
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4348

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a)... Read more

    Affected Products : phpmyadmin
    • Published: Jun. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3949

    Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vect... Read more

    Affected Products : typo3 gridelements
    • Published: Jun. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3933

    Cross-site scripting (XSS) vulnerability in the address components field formatter in the AddressField Tokens module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via an address field.... Read more

    Affected Products : addressfield_tokens
    • Published: Jun. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-5200

    Cross-site scripting (XSS) vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote authenticated users to inject arbitrary web script or HTML via unspecif... Read more

    • Published: Mar. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5339

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 25, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3310

    IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication p... Read more

    Affected Products : tivoli_federated_identity_manager
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3316

    Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Requ... Read more

    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0529

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core.... Read more

    Affected Products : peoplesoft_products
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293355 Results