Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-7274

    Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload.... Read more

    Affected Products : wallpaperscript
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2017-0895

    Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.... Read more

    Affected Products : nextcloud_server
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2014-3740

    Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.... Read more

    Affected Products : spiceworks
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-0537

    The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges.... Read more

    • Published: Nov. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3065

    Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section.... Read more

    Affected Products : ea6500_firmware ea6500
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-3503

    The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an enti... Read more

    Affected Products : groundwork_monitor
    • Published: May. 08, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1627

    Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms.... Read more

    Affected Products : drupal vote_up_down
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0578

    The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is e... Read more

    • Published: May. 10, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-0193

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject a... Read more

    Affected Products : business_process_manager websphere
    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-6820

    myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modif... Read more

    Affected Products : ecoupons
    • Published: Dec. 29, 2006
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-1108

    Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vect... Read more

    Affected Products : drupal controlpanel
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-2995

    Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the twitget_co... Read more

    Affected Products : twitget
    • Published: Oct. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2011-1424

    The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to... Read more

    • Published: May. 24, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-4063

    Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/... Read more

    Affected Products : newstatpress
    • Published: May. 27, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-2042

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the url parameter to (1) apps/bookmarks/ajax/addBookmark... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-3880

    The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse ... Read more

    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2985

    Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter.... Read more

    Affected Products : cute_editor
    • Published: Aug. 21, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-6173

    Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : business_process_manager
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2010-3732

    The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of ... Read more

    Affected Products : db2
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-4279

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294068 Results