Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2007-5403

    Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Fi... Read more

    Affected Products : helpbox
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2022-32159

    In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS.... Read more

    Affected Products : infogami
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-5871

    Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vuln... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1539

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors relat... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4204

    Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.... Read more

    Affected Products : peoplesoft_products
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3032

    Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus 7.3.0 before 7.3.0.6, 7.3.1 before 7.3.1.7, and 7.4.0 before 7.4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-4432

    Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4813

    Cross-site scripting (XSS) vulnerability in the Category Tokens module 6.x before 6.x-1.1 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML by editing or creating vocabulary names, whi... Read more

    Affected Products : drupal category_tokens
    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-5098

    Cross-site scripting (XSS) vulnerability in the FORM content object in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-4369

    Cross-site scripting (XSS) vulnerability in the Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module) in Drupal Core 5.x before 5.21 and 6.x before 6.15 allows remote authenticated users with "administer site-wide contact fo... Read more

    Affected Products : drupal
    • Published: Dec. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2017-2161

    FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspeci... Read more

    Affected Products : flashair
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2012-5316

    Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (... Read more

    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-10014

    Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). The supported version that is affected is 1.1. Easily exploitable vulnerability allows low privileged attacker with network a... Read more

    Affected Products : hospitality_hotel_mobile
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2012-5589

    The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node tit... Read more

    Affected Products : drupal multilink
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4763

    Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary w... Read more

    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-5442

    CMS Made Simple 1.1.3.1 does not check the permissions assigned to users who attempt uploads, which allows remote authenticated users to upload unspecified files via unknown vectors.... Read more

    Affected Products : cms_made_simple
    • Published: Oct. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-3920

    Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.... Read more

    Affected Products : jahia_xcm
    • Published: Nov. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2464

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2008-3091

    Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : taxonomy_autotagger_module
    • Published: Jul. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-3803

    Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related t... Read more

    Affected Products : hyperion
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293562 Results