Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2007-5403

    Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Fi... Read more

    Affected Products : helpbox
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-6196

    Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : autonomy_ultraseek
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4914

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener.... Read more

    Affected Products : http_server fusion_middleware
    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3095

    The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a ... Read more

    Affected Products : linux_kernel db2 windows
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-1619

    Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web sc... Read more

    Affected Products : email_gateway
    • Published: Feb. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6039

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Micros... Read more

    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5764

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2018-16968

    Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.... Read more

    Affected Products : sharefile_storagezones_controller
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-6487

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.... Read more

    Affected Products : identity_manager fusion_middleware
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6525

    Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Tem... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5378

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration.... Read more

    Affected Products : websphere_portal
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3371

    The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via ... Read more

    Affected Products : nova compute folsom essex
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2068

    The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.... Read more

    Affected Products : jenkins
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-1458

    Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : fortiweb
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4770

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4756

    The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.... Read more

    Affected Products : rational_license_key_server
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-51384

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2013-6322

    Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-4370

    Cross-site scripting (XSS) vulnerability in the Menu module (modules/menu/menu.admin.inc) in Drupal Core 6.x before 6.15 allows remote authenticated users with permissions to create new menus to inject arbitrary web script or HTML via a menu description, ... Read more

    Affected Products : drupal
    • Published: Dec. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-4346

    Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.... Read more

    Affected Products : enterprise_linux satellite
    • Published: Dec. 10, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293530 Results