Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-0549

    Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : documentum_d2
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-1405

    Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.... Read more

    Affected Products : mahara
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2303

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3581

    Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-3906

    An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.... Read more

    Affected Products : gitlab
    • Published: Sep. 29, 2023
    • Modified: May. 05, 2025

  • 3.5

    LOW
    CVE-2024-13585

    The Ajax Search Lite WordPress plugin before 4.12.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo... Read more

    Affected Products : ajax_search
    • Published: Feb. 21, 2025
    • Modified: May. 07, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2011-2282

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.20 and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4624

    MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created.... Read more

    Affected Products : mybb
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2271

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-2697

    Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are ... Read more

    Affected Products : community_software
    • Published: Jul. 12, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2243

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect integrity, related to SYSDBA.... Read more

    Affected Products : database_server
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2198

    The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the str... Read more

    Affected Products : opensuse solaris gnome-terminal
    • Published: May. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4005

    Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2274

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-228... Read more

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3779

    Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox... Read more

    Affected Products : dovecot
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4547

    IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended a... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3737

    Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while usin... Read more

    Affected Products : db2
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3197

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.... Read more

    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2102

    MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.... Read more

    Affected Products : mysql mysql
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-42700

    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.... Read more

    Affected Products : inkscape
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294299 Results