Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-4523

    Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.... Read more

    Affected Products : moodle
    • Published: Nov. 26, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-3921

    Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.... Read more

    Affected Products : coppermine_photo_gallery
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2969

    Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters... Read more

    Affected Products : sterling_control_center
    • Published: Jun. 19, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-4159

    Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unsp... Read more

    Affected Products : typo3 direct_mail
    • Published: Dec. 02, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-3111

    Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Manageme... Read more

    Affected Products : fog
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7881

    The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a co... Read more

    Affected Products : colorbox
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7250

    Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicke... Read more

    Affected Products : projectforge
    • Published: Jan. 02, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0537

    The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges.... Read more

    • Published: Nov. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-5150

    Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandle... Read more

    Affected Products : manageengine_supportcenter_plus
    • Published: Jun. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4246

    Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP.... Read more

    Affected Products : hyperion
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6726

    Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : tririga_application_platform
    • Published: May. 07, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5420

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors.... Read more

    Affected Products : pyxis_supplystation
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-9139

    There is a stack-based buffer overflow on some Tenda routers (FH1202/F1202/F1200: versions before 1.2.0.20). Crafted POST requests to an unspecified URL result in DoS, interrupting the HTTP service (used to login to the web UI of a router) for 1 to 2 seco... Read more

    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2012-2202

    Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot ... Read more

    • Published: Jul. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-1150

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.... Read more

    Affected Products : db2
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2012-4270

    Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.... Read more

    Affected Products : efront
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-5949

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.... Read more

    Affected Products : tivoli_service_desk
    • Published: Nov. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-3075

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.... Read more

    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4065

    Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-ne... Read more

    Affected Products : landing_pages_plugin landing_pages
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-4717

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUse... Read more

    Affected Products : claroline
    • Published: Sep. 05, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293609 Results