Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2014-3075

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere Lombardi Edition 7.2.0.x allows remote authenticated users to inject arbitrary web script or HTML via an uploaded file.... Read more

    • Published: Sep. 04, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-2874

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.... Read more

    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-6913

    Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : internet_explorer garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5939

    Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticated users to inject arbitrary web script or... Read more

    • Published: Mar. 06, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-1368

    The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before 4.7.x-2.3, and 5 before 5.x-0.2-beta for Drupal allows remote authenticated users, with "access project issues" permission, to read the contents of a private node via a URL with a modifi... Read more

    Affected Products : drupal_project_issue_tracking
    • Published: Mar. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-3192

    Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE).... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-2849

    Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : trailscout_module
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2017-3320

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via... Read more

    Affected Products : mysql
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2009-4963

    Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : commerce_extension typo3
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3206

    Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache module 5.x before 5.x-2.5 and 6.x before 6.x-2.0-beta10, a module for Drupal, allow remote authenticated users, with "administer imagecache" permissions, to inject arbitrary web script ... Read more

    Affected Products : drupal imagecache
    • Published: Sep. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-52507

    Nextcloud Tables allows users to to create tables with individual columns. The information which Table (numeric ID) is shared with which groups and users and the respective permissions was not limited to affected users. It is recommended that the Nextclou... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 3.5

    LOW
    CVE-2014-4763

    Cross-site scripting (XSS) vulnerability in Content Navigator in Content Engine in IBM FileNet Content Manager 5.2.x before 5.2.0.3-P8CPE-IF003 and Content Foundation 5.2.x before 5.2.0.3-P8CPE-IF003 allows remote authenticated users to inject arbitrary w... Read more

    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-8535

    A remote HTTP parameter Pollution vulnerability in HPE Matrix Operating Environment version 7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2010-0370

    Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary ... Read more

    Affected Products : drupal nodeblock nodeblock
    • Published: Jan. 21, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-9362

    Cross-site scripting (XSS) vulnerability in the path-based meta tag editing form in the Meta tags quick module 7.x-2.x before 7.x-2.8 for Drupal allows remote authenticated users with the "Edit path based meta tags" permission to inject arbitrary web scri... Read more

    Affected Products : meta_tags_quick
    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-2919

    Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.... Read more

    Affected Products : orca
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-5319

    Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.... Read more

    Affected Products : solaris
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-2381

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.... Read more

    Affected Products : roller
    • Published: Jun. 26, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4432

    Unspecified vulnerability in the Oracle Transportation Manager component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-1983

    Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : urbancode_build
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293566 Results