Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-5313

    Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : movable_type movabletype
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-2971

    Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the description parameter.... Read more

    Affected Products : icomplaints
    • Published: Jul. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3034

    Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to inject arbitrar... Read more

    Affected Products : emptoris_contract_management
    • Published: Aug. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3363

    Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.... Read more

    Affected Products : unified_communications_manager
    • Published: Sep. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4787

    Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via un... Read more

    Affected Products : initiate_master_data_service
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-38870

    Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition versions before 128104, from 128151 before 128238, from 128247 before 128250 are vulnerable to Stored XSS vulnerability in reports module.... Read more

    Affected Products :
    • Published: Jul. 17, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2011-1405

    Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.... Read more

    Affected Products : mahara
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-0827

    Unspecified vulnerability in the PeopleSoft Enterprise component in Oracle PeopleSoft Products 8.50 GA through 8.50.17 and 8.51 GA through 8.51.07 allows remote authenticated users to affect integrity via unknown vectors related to PeopleTools.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-5250

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote aut... Read more

    Affected Products : mediawiki
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2011-2198

    The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the str... Read more

    Affected Products : opensuse solaris gnome-terminal
    • Published: May. 21, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-0826

    Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle #13, 8.9 Bundle #7, 9.0 Bundle #7, and 9.1 Bundle #4 allows remote authenticated users to affect integrity via unknown vectors related to Application Portal.... Read more

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-1503

    The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.... Read more

    Affected Products : windows_7 linux_kernel liferay_portal
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-0728

    Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.... Read more

    Affected Products : loggerhead
    • Published: Mar. 29, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2020-16218

    In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful e... Read more

    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2011-0795

    Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-1491

    The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to th... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Apr. 08, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2102

    MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.... Read more

    Affected Products : mysql mysql
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3197

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.... Read more

    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-1129

    Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action... Read more

    Affected Products : smf
    • Published: Jun. 21, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-2271

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293493 Results