Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-2381

    Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.... Read more

    Affected Products : mysql
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-4523

    Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/delete_page.p... Read more

    Affected Products : ripe_website_manager
    • Published: Aug. 25, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-2289

    res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk Open Source 12.x before 12.1.0 allows remote authenticated users to cause a denial of service (crash) via a SUBSCRIBE request without any Accept headers, which triggers an invalid pointer... Read more

    Affected Products : asterisk
    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-3102

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF28 and 8.0.0 before 8.0.0.1 CF13 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_portal
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-2269

    Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt o... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-4741

    Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. NOTE: the provenance of this information is unknown; the ... Read more

    Affected Products : claroline
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2014-2287

    channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x before 11.8.1, and 12.1.x before 12.1.1, and Certified Asterisk 1.8.15 before 1.8.15-cert5 and 11.6 before 11.6-cert2, when chan_sip has a certain configuration, allows remote authe... Read more

    Affected Products : fedora asterisk certified_asterisk
    • Published: Apr. 18, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-5403

    Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser.asp; the (5) Fi... Read more

    Affected Products : helpbox
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-3149

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1511

    Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.... Read more

    Affected Products : mysql mariadb solaris
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-13261

    Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3.... Read more

    Affected Products : dam
    • Published: Jan. 09, 2025
    • Modified: Aug. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 3.5

    LOW
    CVE-2010-4425

    Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4427

    Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.0, 10.1.3.4.1, and 11.1.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Web Server.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4355

    Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit feature is enabled, allows remote authenticated users to inject arbitrary web script or HTML via the select_single parameter.... Read more

    Affected Products : dadabik
    • Published: Dec. 01, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-4322

    Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.... Read more

    Affected Products : vibe_onprem
    • Published: Jan. 07, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3737

    Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while usin... Read more

    Affected Products : db2
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3779

    Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox... Read more

    Affected Products : dovecot
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3581

    Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2023-3906

    An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.... Read more

    Affected Products : gitlab
    • Published: Sep. 29, 2023
    • Modified: May. 05, 2025

  • 3.5

    LOW
    CVE-2010-2802

    Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.... Read more

    Affected Products : mantisbt
    • Published: Sep. 07, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293527 Results