Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-8320

    Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the "Label text" fiel... Read more

    Affected Products : custom_search
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-2113

    Multiple cross-site request forgery (CSRF) vulnerabilities in The Uniform Server 5.6.5 allow remote attackers to hijack the authentication of administrators for requests that change passwords via (1) apsetup.php, (2) psetup.php, (3) sslpsetup.php, or (4) ... Read more

    Affected Products : uniformserver
    • Published: May. 28, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4275

    Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to ad... Read more

    Affected Products : radius_manager
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0579

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to C... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0737

    Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rational_appscan
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1979

    Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.... Read more

    Affected Products : syndeocms
    • Published: Apr. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2005-4192

    Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when ... Read more

    Affected Products : mnemo_note_manager_h3
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2014-0853

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) ForwardController and (2) AttributeEditor scripts in IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allow remote authenticated users to inject arbitrary web scr... Read more

    Affected Products : rational_focal_point
    • Published: Feb. 26, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0861

    Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script o... Read more

    Affected Products : cognos_business_intelligence
    • Published: Feb. 22, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0307

    Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8578

    Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a d... Read more

    Affected Products : horizon
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7870

    Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom search" permission to inject arbitrary web script or HTML via... Read more

    Affected Products : custom_search_module
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-7978

    Cross-site scripting (XSS) vulnerability in the BlueMasters theme 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via vectors related to theme settings.... Read more

    Affected Products : bluemasters
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-2404

    Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-8317

    Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a component name t... Read more

    Affected Products : webform_validation
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-47612

    DataDump is a MediaWiki extension that provides dumps of wikis. Several interface messages are unescaped (more specifically, (datadump-table-column-queued), (datadump-table-column-in-progress), (datadump-table-column-completed), (datadump-table-column-fai... Read more

    Affected Products : datadump
    • Published: Oct. 02, 2024
    • Modified: Oct. 04, 2024

  • 3.5

    LOW
    CVE-2019-2735

    Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via ... Read more

    Affected Products : hyperion_workspace
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2007-3559

    Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FU... Read more

    Affected Products : phpfusion php-fusion
    • Published: Jul. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4427

    Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of cert... Read more

    Affected Products : cache_database
    • Published: Aug. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4413

    Direct static code injection vulnerability in admincp/user_help.php in Headstart Solutions DeskPRO 3.0.2 allows remote authenticated users to inject arbitrary PHP code into an unspecified file via a new_entry value in the do parameter.... Read more

    Affected Products : deskpro
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293435 Results