Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-8916

    Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vul... Read more

    Affected Products : openpages_grc_platform
    • Published: Oct. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-2769

    Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access v... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-4051

    Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.... Read more

    Affected Products : lotus_domino
    • Published: Nov. 08, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2005-3205

    Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the use... Read more

    Affected Products : database_server
    • Published: Oct. 14, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2014-7295

    The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via cr... Read more

    Affected Products : mediawiki
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-30261

    Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) ... Read more

    Affected Products : fedora undici
    • Published: Apr. 04, 2024
    • Modified: Dec. 18, 2024

  • 3.5

    LOW
    CVE-2014-6568

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7811

    Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.... Read more

    Affected Products : spacewalk network_satellite manager
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4771

    IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging PCF query privileges for a crafted query.... Read more

    Affected Products : websphere_mq
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6475

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : peoplesoft_products
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4838

    Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbit... Read more

    Affected Products : tririga_application_platform
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-1504

    Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.... Read more

    Affected Products : liferay_portal portal
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-7812

    Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.... Read more

    Affected Products : satellite spacewalk manager
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7830

    Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML... Read more

    Affected Products : moodle
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4801

    Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U... Read more

    Affected Products : rational_quality_manager
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4803

    CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application Server is not used, allows remote au... Read more

    Affected Products : curam_social_program_management
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7828

    FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.... Read more

    Affected Products : freeipa freeipa
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4836

    Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : tririga_application_platform
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-47526

    LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script execu... Read more

    Affected Products : librenms
    • Published: Oct. 01, 2024
    • Modified: Dec. 19, 2024

  • 3.5

    LOW
    CVE-2021-1996

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network ac... Read more

    • Published: Jan. 20, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294454 Results