Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2006-6513

    The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneou... Read more

    Affected Products : winamp_web_interface
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2015-0193

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject a... Read more

    Affected Products : business_process_manager websphere
    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2827

    Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : spectrum spectrum
    • Published: Apr. 08, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3921

    Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.... Read more

    Affected Products : coppermine_photo_gallery
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-6536

    Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0127

    IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users ... Read more

    Affected Products : leads
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8893

    Multiple cross-site scripting (XSS) vulnerabilities in (1) mainpage.jsp and (2) GetImageServlet.img in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allow remote authenticated users to inject arbitrary web script... Read more

    Affected Products : tririga_application_platform
    • Published: Jan. 29, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-4371

    Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with "administer languages" permissions to inject arbitrary web... Read more

    Affected Products : drupal
    • Published: Dec. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-0945

    Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecifi... Read more

    Affected Products : instant_messaging imserver
    • Published: Feb. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-3065

    Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.... Read more

    Affected Products : ea6500_firmware ea6500
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-7274

    Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.... Read more

    Affected Products : wallpaperscript
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2021-42700

    Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.... Read more

    Affected Products : inkscape
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2021-3716

    A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBD_OPT_STRUCTURED_REPLY before proxying everything else a client sends to the serve... Read more

    Affected Products : enterprise_linux nbdkit
    • Published: Mar. 02, 2022
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-52831

    Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and aff... Read more

    • Published: Dec. 10, 2024
    • Modified: Jan. 15, 2025

  • 3.5

    LOW
    CVE-2021-40086

    An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from dir... Read more

    Affected Products : ejbca
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2024-52611

    The SolarWinds Platform is vulnerable to an information disclosure vulnerability through an error message. While the data does not provide anything sensitive, the information could assist an attacker in other malicious actions.... Read more

    Affected Products : solarwinds_platform
    • Published: Feb. 11, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Information Disclosure

  • 3.5

    LOW
    CVE-2017-1150

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.... Read more

    Affected Products : db2
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2021-27913

    The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session ... Read more

    Affected Products : mautic
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-4954

    The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue.... Read more

    Affected Products : vanilla_forums vanilla
    • Published: Nov. 15, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-5420

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors.... Read more

    Affected Products : pyxis_supplystation
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293360 Results