Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-9311

    Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp... Read more

    Affected Products : shareaholic
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2844

    Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.... Read more

    Affected Products : secure_messaging_secure_gateway
    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3014

    Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : sametime sametime_meeting_server
    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5460

    IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3025

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; ... Read more

    • Published: Jul. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5690

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment... Read more

    Affected Products : open-xchange_appsuite
    • Published: Oct. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6307

    Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2322

    HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue.... Read more

    Affected Products : nonstop_sql\/mx
    • Published: Jun. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-25014

    The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Store... Read more

    Affected Products : ibtana
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-1979

    A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.... Read more

    Affected Products : build_of_quarkus
    • Published: Mar. 13, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-6879

    Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request... Read more

    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-10545

    The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered... Read more

    Affected Products : nextgen_gallery
    • Published: Feb. 25, 2025
    • Modified: May. 15, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2020-26220

    toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version... Read more

    Affected Products : touchbase.ai
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-4022

    IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x store unspecified authentication information in a cookie, which allows remote authenti... Read more

    • Published: Sep. 25, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2260

    Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.... Read more

    Affected Products : ajenti
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2022-32159

    In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.... Read more

    Affected Products : infogami
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-33595

    A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote atta... Read more

    Affected Products : safe
    • Published: Aug. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-3989

    IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext AppScan Source database password in a response, which allows remote authenticated users to obtain sensitive information, and subsequently conduct man-in-the-middle attacks, by examining the ... Read more

    Affected Products : security_appscan
    • Published: Oct. 25, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-30259

    The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for inst... Read more

    Affected Products :
    • Published: Mar. 20, 2025
    • Modified: Mar. 20, 2025
    • Vuln Type: Misconfiguration

  • 3.5

    LOW
    CVE-2010-2535

    Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.... Read more

    Affected Products : joomla\!
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293681 Results