Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2008-5999

    Cross-site scripting (XSS) vulnerability in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allows remote authenticated users, with create and edit permissions for posts, to inject arbitrary web script or HTML via unspecified vectors involving the... Read more

    Affected Products : drupal ajax_checklist
    • Published: Jan. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0603

    Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the H... Read more

    Affected Products : drupal link_module
    • Published: Feb. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-2632

    Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.... Read more

    Affected Products : bytehoard
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2009-2131

    Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a pictu... Read more

    Affected Products : 4images
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2074

    Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.... Read more

    Affected Products : drupal nodequeue
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2013-0553

    The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as used in Sametime Connect client, Sametime Advanced Connect client, Sametime Advanced Web client, and other products, allows remote authenticated users to send commands to individual chat ... Read more

    • Published: Apr. 28, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0672

    Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.... Read more

    Affected Products : wincc_tia_portal
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0590

    Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013... Read more

    Affected Products : lotus_inotes lotus_domino
    • Published: Aug. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0177

    Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web sc... Read more

    Affected Products : ofbiz open_for_business_project
    • Published: Jan. 30, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5762

    Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the MHTML protocol.... Read more

    Affected Products : netezza
    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0453

    Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : tivoli_endpoint_manager
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-6147

    Cross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via un... Read more

    Affected Products : typo3
    • Published: Jul. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-6148

    Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: Jul. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0172

    Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifyi... Read more

    Affected Products : samba
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0585

    Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, and 9.1 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to the (1) web console and (2) r... Read more

    Affected Products : infosphere_information_server
    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-0586

    Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : cognos_business_intelligence
    • Published: Aug. 27, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-22438

    A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. The vulnerability could be remotely exploited to allow execution of malicious code. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-6149

    Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system... Read more

    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-5461

    Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request th... Read more

    Affected Products : tomcat
    • Published: Oct. 15, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-3089

    Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.... Read more

    Affected Products : mailman
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293646 Results