Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2007-0830

    Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Mana... Read more

    Affected Products : vbulletin
    • Published: Feb. 07, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-51384

    D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.... Read more

    Affected Products : di-8200_firmware di-8200
    • Published: Jul. 31, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 3.5

    LOW
    CVE-2025-37109

    Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product... Read more

    Affected Products :
    • Published: Jul. 31, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2020-18463

    Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.... Read more

    Affected Products : aikcms
    • Published: Aug. 12, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-25014

    The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Store... Read more

    Affected Products : ibtana
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-26220

    toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version... Read more

    Affected Products : touchbase.ai
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-6879

    Some ZTE devices have input verification vulnerabilities. The devices support configuring a static prefix through the web management page. The restriction of the front-end code can be bypassed by constructing a POST request message and sending the request... Read more

    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-56082

    ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true.... Read more

    Affected Products :
    • Published: Dec. 15, 2024
    • Modified: Dec. 16, 2024

  • 3.5

    LOW
    CVE-2024-47612

    DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-fai... Read more

    Affected Products : datadump
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 3.5

    LOW
    CVE-2014-3801

    OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.... Read more

    Affected Products : heat
    • Published: May. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6487

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.... Read more

    Affected Products : identity_manager fusion_middleware
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9042

    Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a lin... Read more

    Affected Products : owncloud owncloud_server
    • Published: Feb. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2150

    Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6196

    Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : autonomy_ultraseek
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2018-16968

    Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.... Read more

    Affected Products : sharefile_storagezones_controller
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-3474

    Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to in... Read more

    Affected Products : opensuse horizon horizon
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-9224

    Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x th... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2041

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/ajax/addBookmark.php or (2) dir parameter to apps/files/... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-3093

    The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue.... Read more

    Affected Products : drupal
    • Published: Sep. 21, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-3095

    The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a ... Read more

    Affected Products : linux_kernel db2 windows
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293639 Results