Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2024-38870

    Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.... Read more

    Affected Products :
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-4838

    Cross-site scripting (XSS) vulnerability in GanttProjectSchedulerPopup.jsp in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 allows remote authenticated users to inject arbit... Read more

    Affected Products : tririga_application_platform
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5169

    Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.... Read more

    Affected Products : date
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6192

    Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML vi... Read more

    Affected Products : curam_social_program_management
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6175

    Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web s... Read more

    Affected Products : marketing_operations
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2023-33229

    The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. ... Read more

    Affected Products : solarwinds_platform
    • Published: Jul. 26, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-7020

    Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the ... Read more

    Affected Products : elasticsearch elasticsearch
    • Published: Oct. 22, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-4771

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6353

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.... Read more

    Affected Products : firesight_system_software
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2760

    Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : data_loss_prevention_endpoint
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4791

    Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.... Read more

    Affected Products : mysql
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5494

    Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webform_matrix_component
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4962

    Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before ... Read more

    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5622

    Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-inc... Read more

    Affected Products : debian_linux wordpress
    • Published: Aug. 03, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4913

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.... Read more

    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4741

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Dialog popup.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4890

    Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.... Read more

    Affected Products : enterprise_linux mysql
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4924

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5061

    Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter t... Read more

    Affected Products : manageengine_assetexplorer
    • Published: Jun. 24, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2677

    Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_calendar page to cms/index.php; unspecified fields in (3) ... Read more

    Affected Products : ocportal
    • Published: Mar. 23, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293513 Results