Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2007-5403

    Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Fi... Read more

    Affected Products : helpbox
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2019-1010310

    GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tool... Read more

    Affected Products : glpi
    • Published: Jul. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-8986

    Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted conf... Read more

    Affected Products : mantisbt
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1511

    Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    Affected Products : mysql mariadb solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4741

    Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the ... Read more

    Affected Products : claroline
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-5571

    OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for th... Read more

    Affected Products : folsom essex
    • Published: Dec. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-4459

    Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.... Read more

    Affected Products : rt request_tracker
    • Published: Jun. 04, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3331

    Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.... Read more

    Affected Products : mantis
    • Published: Jul. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-6505

    Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more ... Read more

    Affected Products : solaris
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-3741

    The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTM... Read more

    Affected Products : drupal
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-1978

    Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a different vector than CVE... Read more

    Affected Products : drupal ubercart ubercart_module
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2764

    Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").... Read more

    Affected Products : absolute_live_support_xe
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-0810

    Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection.... Read more

    Affected Products : skate_board
    • Published: Feb. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2007-1467

    Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace, Unified MeetingPlace, Unified MeetingPlace Express, Cal... Read more

    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-0437

    Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie... Read more

    Affected Products : cache_database
    • Published: Aug. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-6514

    Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of t... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-6512

    Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F") in the path parameter.... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-6775

    acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.... Read more

    Affected Products : acftp
    • Published: Dec. 27, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-6821

    myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified... Read more

    Affected Products : enews
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-21242

    Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with ne... Read more

    • Published: Oct. 15, 2024
    • Modified: Oct. 21, 2024
Showing 20 of 293620 Results