Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2011-2282

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.20 and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1739

    Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Busi... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2243

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect integrity, related to SYSDBA.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3476

    Multiple cross-site scripting (XSS) vulnerabilities in (1) application/views/admin/layout.php and (2) themes/default/views/header.php in the Ushahidi Platform before 2.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors r... Read more

    Affected Products : ushahidi_platform
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1588

    Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via ... Read more

    Affected Products : drupal
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1842

    Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote att... Read more

    • Published: Mar. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1727

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Rep... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1679

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0112

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485... Read more

    Affected Products : mysql mysql
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-5453

    Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using t... Read more

    Affected Products : bugzilla
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-3933

    Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.... Read more

    Affected Products : opencms
    • Published: Jul. 31, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2012-0713

    Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.... Read more

    Affected Products : linux_kernel db2 windows
    • Published: Aug. 24, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-1906

    Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to injec... Read more

    Affected Products : business_process_manager
    • Published: Jul. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2025-1623

    The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-48219

    O2 UK before 2025-05-19 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Iden... Read more

    Affected Products :
    • Published: May. 18, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-53862

    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.... Read more

    Affected Products : ansible_automation_platform
    • Published: Jul. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2008-1131

    Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms.... Read more

    Affected Products : drupal
    • Published: Mar. 04, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-13314

    The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm... Read more

    • Published: Feb. 21, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-12683

    The Smart Maintenance Mode WordPress plugin before 1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : smart_maintenance_mode
    • Published: Mar. 26, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1452

    The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ... Read more

    Affected Products : favorites
    • Published: Mar. 25, 2025
    • Modified: May. 06, 2025
    • Vuln Type: Cross-Site Scripting
Showing 20 of 293658 Results