Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-0374

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-8286

    Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.... Read more

    Affected Products : mysql
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4366

    Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mover
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0513

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged acc... Read more

    Affected Products : watch4net vipr_srm
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0103

    Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML v... Read more

    Affected Products : business_process_manager
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0128

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different... Read more

    Affected Products : rational_quality_manager
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0549

    Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : documentum_d2
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-7230

    The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node.... Read more

    Affected Products : workbench_email
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4078

    Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (... Read more

    Affected Products : cloudera_manager navigator
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-0933

    Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.... Read more

    Affected Products : sharelatex
    • Published: Mar. 04, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4579

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigg... Read more

    Affected Products : phpmyadmin
    • Published: Aug. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-3179

    login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0109

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inj... Read more

    • Published: Feb. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0472

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-1484

    The password reset feature in PunBB 1.2.16 and earlier uses predictable random numbers based on the system time, which allows remote authenticated users to determine the new password via a brute force attack on a seed that is based on the approximate crea... Read more

    Affected Products : punbb
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-3513

    The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed... Read more

    Affected Products : sureforms
    • Published: May. 02, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2023-50458

    In Dradis before 4.11.0, the Output Console shows a job queue that may contain information about other users' jobs.... Read more

    Affected Products : dradis
    • Published: Jul. 10, 2025
    • Modified: Jul. 10, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2025-53862

    A flaw was found in Ansible. Three API endpoints are accessible and return verbose, unauthenticated responses. This flaw allows a malicious user to access data that may contain important information.... Read more

    Affected Products : ansible_automation_platform
    • Published: Jul. 11, 2025
    • Modified: Aug. 11, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2025-1623

    The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is d... Read more

    Affected Products : gdpr_cookie_compliance
    • Published: Mar. 16, 2025
    • Modified: Apr. 02, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2024-57611

    07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.... Read more

    Affected Products : 07flycms
    • Published: Jan. 16, 2025
    • Modified: Apr. 15, 2025
    • Vuln Type: Cross-Site Request Forgery
Showing 20 of 294421 Results