Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-4714

    Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.... Read more

    Affected Products : xoops_celepar
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4697

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.... Read more

    Affected Products : radnics
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1731

    Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.... Read more

    Affected Products : chrome hero
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1803

    Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0927

    Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage a... Read more

    Affected Products : lotus_domino
    • Published: Mar. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1755

    Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4715

    Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.... Read more

    Affected Products : real_time_currency_exchange
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4707

    Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 gb_fenewssubmit
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4699

    Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.... Read more

    Affected Products : skadate_online_dating_software
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1746

    Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.... Read more

    Affected Products : joomla\! com_grid
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1764

    WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4640

    Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-21625

    Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins in some ... Read more

    Affected Products : cloudbees_aws_credentials
    • Published: Mar. 18, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4649

    Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php.... Read more

    Affected Products : geccbblite
    • Published: Feb. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-6123

    Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka "Microsoft Outlook for M... Read more

    Affected Products : excel_for_mac
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0938

    Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.... Read more

    Affected Products : todoo_forum
    • Published: Mar. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4602

    Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x through 5.x-1.0 and 6.x through 6.x-1.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal randomizer
    • Published: Jan. 12, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4575

    Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.... Read more

    Affected Products : joomla\! com_qpersonel
    • Published: Jan. 06, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1851

    Google Chrome, when the Invisible Hand extension is enabled, uses cookies during background HTTP requests in a possibly unexpected manner, which might allow remote web servers to identify specific persons and their product searches via HTTP request loggin... Read more

    Affected Products : chrome
    • Published: May. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0893

    Unspecified vulnerability in the Sun Convergence component in Oracle Sun Product Suite 1.0 allows remote attackers to affect confidentiality via unknown vectors related to Mail.... Read more

    Affected Products : sun_products_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294513 Results