Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2011-1491

    The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to th... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Apr. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-2694

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multipl... Read more

    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-0672

    Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.... Read more

    Affected Products : wincc_tia_portal
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-24588

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MS... Read more

    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-1566

    Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    Affected Products : mysql
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-24586

    The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when anothe... Read more

    • Published: May. 11, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-5461

    Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request th... Read more

    Affected Products : tomcat
    • Published: Oct. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-1994

    Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2149

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-1992

    Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-0453

    Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : tivoli_endpoint_manager
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2299

    Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Aug. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0457

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessio... Read more

    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0585

    Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) r... Read more

    Affected Products : infosphere_information_server
    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1840

    The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for... Read more

    Affected Products : glance swift glance folsom essex s3_store
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0553

    The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat ... Read more

    • Published: Apr. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1835

    Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature.... Read more

    Affected Products : moodle
    • Published: Mar. 25, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-2450

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote auth... Read more

    Affected Products : tomcat
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-0581

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Business Process Manager (BPM) 7.5.1.x, 8.0.0.x, and 8.0.1 before FP1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) ProcessPortal/jsp/socialPort... Read more

    Affected Products : business_process_manager
    • Published: Jul. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5379

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.... Read more

    Affected Products : websphere_portal
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293633 Results