Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-6093

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_portal
    • Published: Nov. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7267

    Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerabi... Read more

    Affected Products : wbs_gantt-chart
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7246

    The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, 10.1.0-Xpress, and 11.0.0 through 11.0.2, when deployed on a multi-server network, allows remote authenticated users to cause a denial of service (infinite loop) via a crafted cookie in... Read more

    Affected Products : openam
    • Published: Nov. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8746

    Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 through 7.x-1.3 before 7.x-1.4, for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme... Read more

    Affected Products : skeleton_theme
    • Published: Oct. 13, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8734

    The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.... Read more

    Affected Products : organic_groups_menu
    • Published: Nov. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8909

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote authenticated users to inject arbit... Read more

    Affected Products : websphere_portal
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7811

    Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.... Read more

    Affected Products : spacewalk network_satellite manager
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2020-3126

    vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multim... Read more

    Affected Products : webex_meetings_server
    • Published: Apr. 13, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-8772

    Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : x3_cms
    • Published: Dec. 03, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8521

    Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-30261

    Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) ... Read more

    Affected Products : fedora undici
    • Published: Apr. 04, 2024
    • Modified: Dec. 18, 2024

  • 3.5

    LOW
    CVE-2014-8378

    Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related t... Read more

    Affected Products : tablefield
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-5438

    Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_com... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7830

    Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML... Read more

    Affected Products : moodle
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8379

    Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform ... Read more

    Affected Products : marketo_ma
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8376

    Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" Context UI module permission to inject arbitrary web scri... Read more

    Affected Products : site_banner
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-1556

    img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote authenticated users to read arbitrary files in img/ via a filename in the next_file parameter, as demonstrated by reading .htpasswd to obtain ... Read more

    Affected Products : wvc54gca
    • Published: May. 06, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-8349

    Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.... Read more

    Affected Products : liferay_portal
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8326

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table ... Read more

    Affected Products : phpmyadmin opensuse
    • Published: Nov. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-4422

    wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to ... Read more

    Affected Products : wordpress
    • Published: Sep. 14, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294125 Results