Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-4340

    wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.... Read more

    Affected Products : wordpress
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-6514

    Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access certain other directories if the name of t... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-3742

    Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name tha... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5418

    Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-2641

    Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.... Read more

    Affected Products : ubuntu_linux mysql
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-5403

    Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Fi... Read more

    Affected Products : helpbox
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-4861

    Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.... Read more

    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2019-1010310

    GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tool... Read more

    Affected Products : glpi
    • Published: Jul. 12, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-5414

    The migration functionality in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authen... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-5353

    The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a su... Read more

    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5572

    Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.... Read more

    Affected Products : zabbix
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5096

    Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.... Read more

    Affected Products : ubuntu_linux mysql mariadb
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3095

    Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unsp... Read more

    • Published: Jul. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-0657

    Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before bei... Read more

    Affected Products : php_event_calendar
    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2008-2761

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and o... Read more

    Affected Products : absolute_banner_manager
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2590

    Unspecified vulnerability in the Instance Management component in Oracle Database 10.1.0.5 and Enterprise Manager 10.1.0.6 has unknown impact and remote authenticated attack vectors.... Read more

    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2758

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parame... Read more

    Affected Products : absolute_news_manager_xe
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2764

    Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").... Read more

    Affected Products : absolute_live_support_xe
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2831

    Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary w... Read more

    Affected Products : e10000_appliance smtp
    • Published: Oct. 02, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-0351

    A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack ... Read more

    Affected Products : engineers_online_portal
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 293555 Results