Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2013-6003

    CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5222

    Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : arcgis_server arcgis arcgis_for_server
    • Published: Dec. 30, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5698

    Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML vi... Read more

    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6721

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.... Read more

    • Published: Dec. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4048

    Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving addition of script to... Read more

    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5868

    Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vuln... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6177

    Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows re... Read more

    Affected Products : document_sciences_xpression
    • Published: Nov. 21, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0178

    Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potenti... Read more

    Affected Products : samba
    • Published: May. 28, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4754

    Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php or (2) the Title field to prefs.php.... Read more

    Affected Products : intranet_knowledgebase
    • Published: Dec. 26, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-5793

    Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786.... Read more

    Affected Products : mysql
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-6033

    Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.... Read more

    Affected Products : c52x c53x c920 c935dn e250 e350 e450 t64x w840
    • Published: Feb. 04, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-0134

    The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwrit... Read more

    Affected Products : nova compute
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2009-2076

    Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name p... Read more

    Affected Products : drupal views
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0603

    Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the H... Read more

    Affected Products : drupal link_module
    • Published: Feb. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2610

    Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.... Read more

    Affected Products : drupal links_package
    • Published: Jul. 27, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-3487

    Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec... Read more

    Affected Products : junos junos
    • Published: Sep. 30, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-1461

    Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.... Read more

    Affected Products : razorcms
    • Published: Apr. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-0359

    Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.... Read more

    Affected Products : samizdat
    • Published: Feb. 17, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-4429

    Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the... Read more

    Affected Products : drupal sections_module
    • Published: Dec. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-7231

    Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) o... Read more

    Affected Products : document_and_records_management
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294837 Results