Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2021-32655

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the ... Read more

    Affected Products : nextcloud_server notes
    • Published: Jun. 01, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2015-4914

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener.... Read more

    Affected Products : http_server fusion_middleware
    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6196

    Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : autonomy_ultraseek
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-1458

    Cross-site scripting (XSS) vulnerability in the web administration interface in FortiGuard FortiWeb 5.0.3 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : fortiweb
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2068

    The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump.... Read more

    Affected Products : jenkins
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-6039

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Micros... Read more

    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3174

    mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gr... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-3029

    Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers ... Read more

    • Published: Oct. 15, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-3095

    The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a ... Read more

    Affected Products : linux_kernel db2 windows
    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4756

    The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.... Read more

    Affected Products : rational_license_key_server
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-4770

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 23, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3988

    Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.... Read more

    Affected Products : solaris horizon
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6487

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.... Read more

    Affected Products : identity_manager fusion_middleware
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6525

    Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Tem... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-4765

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to OAM Dashboard.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5378

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration.... Read more

    Affected Products : websphere_portal
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5764

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-2522

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability."... Read more

    Affected Products : sharepoint_foundation
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-0155

    CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HT... Read more

    • Published: Sep. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-2076

    Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name p... Read more

    Affected Products : drupal views
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293946 Results