Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2025-58816

    Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Carousel Slider for Elementor: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2014-0967

    Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0 FP4 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 allows... Read more

    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-6317

    In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and ca... Read more

    Affected Products : adaptive_server_enterprise
    • Published: Nov. 30, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-51749

    Element is a Matrix web client built using the Matrix React SDK. Versions of Element Web and Desktop earlier than 1.11.85 do not check if thumbnails for attachments, stickers and images are coherent. It is possible to add thumbnails to events trigger a fi... Read more

    Affected Products :
    • Published: Nov. 12, 2024
    • Modified: Nov. 13, 2024

  • 3.5

    LOW
    CVE-2021-45486

    In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.... Read more

    • Published: Dec. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-2734

    Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privilege w... Read more

    Affected Products : database database_server
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-36181

    A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data... Read more

    Affected Products : fortiportal
    • Published: Nov. 02, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-2383

    An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middl... Read more

    Affected Products : itunes icloud
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2021-2335

    Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Creat... Read more

    Affected Products : database database_server
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2008-2849

    Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : trailscout_module
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-3075

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.... Read more

    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2018-1392

    IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for Multi-Platform could allow an authenticated user to execute a specially crafted command that could obtain sensitive information. IBM X-Force ID: 138377.... Read more

    Affected Products : financial_transaction_manager
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-5949

    Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.... Read more

    Affected Products : tivoli_service_desk
    • Published: Nov. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-1368

    The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modifi... Read more

    Affected Products : drupal_project_issue_tracking
    • Published: Mar. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4717

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUse... Read more

    Affected Products : claroline
    • Published: Sep. 05, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-3978

    Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment a... Read more

    Affected Products : lightneasy
    • Published: Oct. 04, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-1040

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2... Read more

    Affected Products : bedita
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-5100

    Multiple cross-site scripting (XSS) vulnerabilities in the Install Tool in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5939

    Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or... Read more

    • Published: Mar. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-5996

    Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x before 5.x-1.5 and 6.x before 6.x-1.0-beta4, a module for Drupal, allows remote authenticated users, with "administer taxonomy" permissions, to inject arbitrary web script or HTML via a... Read more

    Affected Products : drupal simplenews
    • Published: Jan. 28, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293654 Results