Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2015-3372

    Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : node_invite
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2006-1281

    Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be ... Read more

    Affected Products : mybulletinboard
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2015-4356

    Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform.... Read more

    Affected Products : webform
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3359

    Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permission to inject arbitrary web script or HTML via the (1)... Read more

    Affected Products : room_reservations
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2005-4192

    Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when ... Read more

    Affected Products : mnemo_note_manager_h3
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2015-4381

    Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permission to inject arbitrary web script or HTML via unspecif... Read more

    Affected Products : invoice
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2015-3357

    Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject arbitrary web script or HTML via unspecified vectors, w... Read more

    Affected Products : wishlist
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2007-0830

    Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1) User Group Mana... Read more

    Affected Products : vbulletin
    • Published: Feb. 07, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-56082

    ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true.... Read more

    Affected Products :
    • Published: Dec. 15, 2024
    • Modified: Dec. 16, 2024

  • 3.5

    LOW
    CVE-2020-5301

    SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP ... Read more

    Affected Products : simplesamlphp
    • Published: Apr. 21, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2020-26220

    toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc (if present. The issue is fixed in version... Read more

    Affected Products : touchbase.ai
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2019-2735

    Vulnerability in the Oracle Hyperion Workspace component of Oracle Hyperion (subcomponent: UI and Visualization). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via ... Read more

    Affected Products : hyperion_workspace
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2010-0684

    Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.... Read more

    Affected Products : activemq
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5316

    Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (... Read more

    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5589

    The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal does not properly check node permissions when generating an in-content link, which allows remote authenticated users with text-editing permissions to read arbitrary node tit... Read more

    Affected Products : drupal multilink
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-41663

    Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can in... Read more

    Affected Products : canarytokens
    • Published: Jul. 23, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2017-5244

    Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop ... Read more

    Affected Products : metasploit
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2014-1988

    The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: May. 02, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-1648

    The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not properly validate the publication-source URL, which allows remote authenticated users to trigger arbitrary outbound TCP traffic via... Read more

    Affected Products : open-xchange_server
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-1902

    Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YC... Read more

    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294522 Results