Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2023-22489

    Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission o... Read more

    Affected Products : flarum
    • Published: Jan. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-23319

    Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-2202

    Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot ... Read more

    • Published: Jul. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4374

    Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a componen... Read more

    Affected Products : webform
    • Published: Jun. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2017-1150

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.... Read more

    Affected Products : db2
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2022-0279

    The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users... Read more

    Affected Products : anycomment
    • Published: Feb. 21, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2018-3184

    Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to ... Read more

    Affected Products : hyperion_bi\+ hyperion_workspace
    • Published: Oct. 17, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-33031

    In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access to a victim's account. A user without the user-manageme... Read more

    Affected Products : labcup
    • Published: Jun. 10, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-4954

    The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.... Read more

    Affected Products : vanilla_forums vanilla
    • Published: Nov. 15, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4917

    Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-3923

    The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session in... Read more

    Affected Products : ios
    • Published: Sep. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2370

    Cross-site scripting (XSS) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to inject arbitrary web script or HTML via crafted data.... Read more

    • Published: Jul. 24, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-0492

    Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : informix_open_admin_tool
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5939

    Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or... Read more

    • Published: Mar. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-1040

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2... Read more

    Affected Products : bedita
    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-1738

    Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in "aggregator items."... Read more

    Affected Products : drupal feed_block
    • Published: May. 20, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-8897

    Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 b... Read more

    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-5500

    Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : navigate
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6145

    Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script o... Read more

    Affected Products : cognos_business_intelligence
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0451

    Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents.... Read more

    Affected Products : fusion_middleware opensso
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results