Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-0832

    Multiple cross-site scripting (XSS) vulnerabilities in configuration-details screens in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted t... Read more

    Affected Products : financial_transaction_manager
    • Published: Feb. 01, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2019-2735

    Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via ... Read more

    Affected Products : hyperion_workspace
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2013-5690

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment... Read more

    Affected Products : open-xchange_appsuite
    • Published: Oct. 03, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-2404

    Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-0699

    Cross-site scripting (XSS) vulnerability in pagesUTF8/auftrag_allgemeinauftrag.jsp in Plunet BusinessManager 4.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the (1) QUB and (2) Bez74 parameters.... Read more

    Affected Products : business_manager
    • Published: Feb. 23, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-5404

    Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other p... Read more

    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3617

    The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces,... Read more

    Affected Products : openbravo_erp
    • Published: Nov. 02, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-0830

    Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Mana... Read more

    Affected Products : vbulletin
    • Published: Feb. 07, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0818

    Cross-site scripting (XSS) vulnerability in the taxonomy_theme_admin_table_builder function (taxonomy_theme_admin.inc) in Taxonomy Theme module before 5.x-1.2, a module for Drupal, allows remote authenticated users with the "administer taxonomy" permissio... Read more

    Affected Products : drupal taxonomy_theme_module
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-5731

    Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.... Read more

    Affected Products : jakarta_slide
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-6237

    The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.... Read more

    Affected Products : isl_desktop_plugin isl_light
    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-4542

    Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data stor... Read more

    Affected Products : unity
    • Published: Oct. 13, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-4934

    TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.... Read more

    Affected Products : tomatocart
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-3818

    Cross-site scripting (XSS) vulnerability in the LoginToboggan module 5.x-1.x-dev before 20070712 for Drupal allows remote authenticated users with "administer blocks" permission to inject arbitrary JavaScript and gain privileges via "the message displayed... Read more

    Affected Products : logintoboggan_module
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-4116

    Multiple directory traversal vulnerabilities in CutePHP CuteNews 1.4.6, when magic_quotes_gpc is disabled, allow remote authenticated users with editor or administrative application access to read arbitrary files via a .. (dot dot) in the source parameter... Read more

    Affected Products : cutenews
    • Published: Nov. 30, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-6307

    Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-6064

    Directory traversal vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) before 1.11.2.1 allows remote authenticated administrators to delete arbitrary files via a .. (dot dot) in the deld parameter. NOTE: this can be lever... Read more

    Affected Products : cms_made_simple
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0909

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-2113

    Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) ... Read more

    Affected Products : uniformserver
    • Published: May. 28, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-5438

    Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_com... Read more

    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293350 Results