Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2008-4083

    Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained f... Read more

    Affected Products : brim
    • Published: Sep. 15, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-5666

    WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.... Read more

    Affected Products : winftp_ftp_server
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-4340

    Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/p... Read more

    Affected Products : symphony_cms
    • Published: Feb. 12, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2005-4191

    Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description,... Read more

    Affected Products : nag_task_list_manager_h3
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2008-5446

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from t... Read more

    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-10214

    Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024

  • 3.5

    LOW
    CVE-2008-6972

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content Construction Kit (CCK) 5.x through 5.x-1.8 allow remote authenticated users with "administer content" permissions to inject arbitrary web script or HTML via the (1) "field label," (2) "... Read more

    Affected Products : drupal cck cck content_construction_kit
    • Published: Aug. 13, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-0077

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console.... Read more

    Affected Products : weblogic_server fusion_middleware
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-50458

    In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.... Read more

    Affected Products : dradis
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2024-10560

    The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Mar. 25, 2025
    • Modified: Apr. 03, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2008-1330

    Unspecified vulnerability in the Windows client API in Novell GroupWise 7 before SP3 and 6.5 before SP6 Update 3 allows remote authenticated users to access the non-shared stored e-mail messages of another user who has shared at least one folder with the ... Read more

    Affected Products : groupwise
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-0692

    The Simple Video Management System WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capabili... Read more

    Affected Products : simple_video_management_system
    • Published: Feb. 13, 2025
    • Modified: May. 26, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-13314

    The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm... Read more

    • Published: Feb. 21, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-13121

    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform ... Read more

    Affected Products : profilepress
    • Published: Feb. 13, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2025-1623

    The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2012-3149

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1987

    Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory... Read more

    • Published: May. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3445

    The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set ... Read more

    Affected Products : libvirt
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-5353

    The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a su... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-3933

    Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.... Read more

    Affected Products : opencms
    • Published: Jul. 31, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293564 Results