Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-4372

    Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : image_title
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2023-3613

    Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. ... Read more

    Affected Products : mattermost_server
    • Published: Jul. 17, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2025-1624

    The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025

  • 3.5

    LOW
    CVE-2015-4132

    Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : clearpass_policy_manager
    • Published: May. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5150

    Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandle... Read more

    Affected Products : manageengine_supportcenter_plus
    • Published: Jun. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8745

    Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.15 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a ta... Read more

    Affected Products : custom_search_module
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0840

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rational_focal_point
    • Published: Feb. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-7274

    Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.... Read more

    Affected Products : wallpaperscript
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-1999-1590

    Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.... Read more

    Affected Products : wwwcount
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2014-2021

    Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the cli... Read more

    Affected Products : vbulletin
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-0945

    Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecifi... Read more

    Affected Products : instant_messaging imserver
    • Published: Feb. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2016-8314

    Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker... Read more

    Affected Products : flexcube_core_banking
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2006-6513

    The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneou... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-4938

    Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.... Read more

    Affected Products : pattern_insight
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-8312

    Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function.... Read more

    Affected Products : netweaver_abap
    • Published: Oct. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6536

    Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6549

    Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : netbackup_opscenter
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2827

    Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : spectrum spectrum
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7881

    The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a co... Read more

    Affected Products : colorbox
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3921

    Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.... Read more

    Affected Products : coppermine_photo_gallery
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results