Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-6565

    Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels.... Read more

    Affected Products : redcap redcap
    • Published: Jun. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2019-20382

    QEMU 4.1.0 has a memory leak in zrle_compress_data in ui/vnc-enc-zrle.c during a VNC disconnect operation because libz is misused, resulting in a situation where memory allocated in deflateInit2 is not freed in deflateEnd.... Read more

    Affected Products : ubuntu_linux debian_linux leap qemu
    • Published: Mar. 05, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2008-3741

    The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTM... Read more

    Affected Products : drupal
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-3874

    Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details... Read more

    Affected Products : vanilla
    • Published: Aug. 29, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2019-2547

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privil... Read more

    Affected Products : database database_server
    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2014-1879

    Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.... Read more

    Affected Products : phpmyadmin
    • Published: Feb. 20, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2340

    The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" permission to modify the module settings via unspecified... Read more

    Affected Products : drupal contact_forms
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1639

    Multiple cross-site scripting (XSS) vulnerabilities in product/commerce_product.module in the Drupal Commerce module for Drupal before 7.x-1.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) sku or (2) title parameters.... Read more

    Affected Products : drupal commerce
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1651

    Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal submenu_tree
    • Published: Sep. 19, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-5030

    Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names ... Read more

    Affected Products : drupal meta_tags_quick
    • Published: Dec. 29, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2303

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1628

    Cross-site scripting (XSS) vulnerability in the SuperCron module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal supercron
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2101

    Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request tha... Read more

    Affected Products : nova
    • Published: Jun. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3316

    Cross-site scripting (XSS) vulnerability in the Tivoli Process Automation Engine (TPAE) in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Requ... Read more

    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-4560

    Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition.... Read more

    Affected Products : drupal petition_node_module
    • Published: Nov. 28, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-2693

    MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.... Read more

    Affected Products : mysql mysql
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-1727

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Rep... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3310

    IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication p... Read more

    Affected Products : tivoli_federated_identity_manager
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2205

    Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.... Read more

    Affected Products : rational_clearquest
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2725

    classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and con... Read more

    Affected Products : drupal 6.x-1.0
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293512 Results