Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.7

    LOW
    CVE-2012-2696

    The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request.... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-5460

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : bea_product_suite
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-2712

    Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown ... Read more

    Affected Products : drupal search_api
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-2710

    Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in ... Read more

    Affected Products : drupal zen
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-5559

    Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web scrip... Read more

    Affected Products : ctools
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-6502

    Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a n... Read more

    Affected Products : internet_explorer
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-1897

    The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE... Read more

    Affected Products : 389_directory_server
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-5868

    WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.... Read more

    Affected Products : wordpress
    • Published: Dec. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-0244

    Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving u... Read more

    Affected Products : drupal
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-5349

    Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.... Read more

    Affected Products : wordpress pay-with-tweet
    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-0181

    Cross-site scripting (XSS) vulnerability in Views in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal, when using certain backends and facets, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which ... Read more

    Affected Products : drupal search_api
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-2731

    The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the PHP session id in the JavaScript settings array in page loads, which might allow remote attackers to obtain sensitive information by sniffing or reading the cache of the HTML of a webpage... Read more

    Affected Products : drupal ubercart_ajax_cart
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-2703

    Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."... Read more

    Affected Products : drupal advertisement
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0475

    Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-1823

    Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head... Read more

    Affected Products : drupal print
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1986

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1905

    The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a dat... Read more

    Affected Products : db2
    • Published: Jun. 03, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-3300

    Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attacker... Read more

    Affected Products : identity_provider service_provider
    • Published: Nov. 06, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-4775

    Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 28, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-4022

    Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache ... Read more

    Affected Products : bind
    • Published: Nov. 25, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294273 Results