Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2006-1270

    Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details a... Read more

    Affected Products : inprotect
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2012-0544

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core, a... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2006-6822

    myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a m... Read more

    Affected Products : eclassifieds
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-2702

    Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.... Read more

    Affected Products : weblogic_portal weblogic_portal
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-2746

    The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain Black WebGUI before 7.3.14 does not properly use data structures containing privilege information, which allows remote authenticated users to obtain sensitive information or possibly h... Read more

    Affected Products : webgui
    • Published: May. 17, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-1281

    Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be ... Read more

    Affected Products : mybulletinboard
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2012-0577

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect availability via unknown vectors related to Core... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2467

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2014-2445.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2023-22329

    Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    • Published: Nov. 14, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2011-1570

    Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than... Read more

    Affected Products : windows_7 liferay_portal
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-2295

    EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.... Read more

    Affected Products : edk2
    • Published: Mar. 14, 2025
    • Modified: Mar. 14, 2025
    • Vuln Type: Denial of Service

  • 3.5

    LOW
    CVE-2022-3624

    A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to app... Read more

    Affected Products : linux_kernel
    • Published: Oct. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-41839

    Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affec... Read more

    • Published: Jul. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2023-36479

    Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet... Read more

    Affected Products : debian_linux jetty
    • Published: Sep. 15, 2023
    • Modified: May. 27, 2025

  • 3.5

    LOW
    CVE-2023-28845

    Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members ... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Mar. 31, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-2336

    Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Creat... Read more

    Affected Products : database database_server
    • Published: Jul. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-39164

    Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerabil... Read more

    Affected Products : fedora synapse
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-39163

    Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the name, avatar, topic and number of members of a room if they know the ID of the room. This vulnerability is limit... Read more

    Affected Products : fedora synapse
    • Published: Aug. 31, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-27601

    In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js.... Read more

    Affected Products : bigbluebutton
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-0123

    Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different v... Read more

    Affected Products : rational_team_concert
    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293261 Results