Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-6003

    CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0843

    Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.... Read more

    Affected Products : rational_focal_point
    • Published: Feb. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6301

    Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated ... Read more

    Affected Products : algo_one
    • Published: Mar. 05, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5406

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with t... Read more

    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3045

    The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to share crafted links via the Library function.... Read more

    • Published: Nov. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6310

    Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : marketing_platform
    • Published: Jun. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5402

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utili... Read more

    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0824

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.8 LAFIX.20140319-0839 and 7.1.1.12 before IFIX.20140321-1336 and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change an... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5326

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web scr... Read more

    Affected Products : coldfusion
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5317

    Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.... Read more

    Affected Products : ritecms
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5390

    Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0915

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo Asset Management 6.2 through 6.2.8, 6.x and 7.1 through 7.1.1.2, and 7.5 through 7.5.0.6; Maximo Asset Management 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk; ... Read more

    • Published: Jul. 30, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-3396

    Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumb... Read more

    Affected Products : moodle
    • Published: Jul. 23, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0825

    Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM Maximo Asset Management 7.x before 7.1.1.12 IFIX.20140321-1336 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset M... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-0844

    Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors.... Read more

    • Published: Mar. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-1481

    Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.... Read more

    Affected Products : pmwiki
    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-5999

    Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the... Read more

    Affected Products : drupal ajax_checklist
    • Published: Jan. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-4559

    Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string for "submitted by" ... Read more

    Affected Products : drupal submitted_by
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-3891

    Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).... Read more

    Affected Products : wordpress
    • Published: Nov. 17, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-4567

    Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 actio... Read more

    Affected Products : viscacha
    • Published: Jan. 05, 2010
    • Modified: Apr. 09, 2025
Showing 20 of 293408 Results