Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-1344

    Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID ... Read more

    Affected Products : ios
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-5030

    Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names ... Read more

    Affected Products : drupal meta_tags_quick
    • Published: Dec. 29, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1370

    Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0706

    IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root acc... Read more

    • Published: Apr. 07, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-5269

    Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.... Read more

    Affected Products : projectforge
    • Published: Jan. 02, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1739

    Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Busi... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1417

    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.... Read more

    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-0505

    Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-6421

    Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.... Read more

    Affected Products : http_server
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4888

    The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 associates the doc variable with the entire document content and metadata regardless of a user's view rights, which allows remote authenticated users to read arbitrary documents via a c... Read more

    Affected Products : xwiki
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4427

    Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of cert... Read more

    Affected Products : cache_database
    • Published: Aug. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-3559

    Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FU... Read more

    Affected Products : phpfusion php-fusion
    • Published: Jul. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4523

    Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.p... Read more

    Affected Products : ripe_website_manager
    • Published: Aug. 25, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2023-3511

    An issue has been discovered in GitLab EE affecting all versions starting from 8.17 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible for auditor users to fork and submit merge req... Read more

    Affected Products : gitlab
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-1987

    Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory... Read more

    • Published: May. 29, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4927

    axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote authenticated users to cause a denial of service (reboot) via many requests with unique buffer names in the buffername parameter in a start action.... Read more

    Affected Products : 207w_network_camera
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-1732

    Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknow... Read more

    Affected Products : wordpress
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-3445

    The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set ... Read more

    Affected Products : libvirt
    • Published: Aug. 07, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2025-55455

    DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.... Read more

    Affected Products :
    • Published: Aug. 22, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Authentication

  • 3.5

    LOW
    CVE-2007-1828

    Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms.... Read more

    Affected Products : webapp
    • Published: Apr. 03, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293414 Results