Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2019-16175

    A clickjacking vulnerability was found in Limesurvey before 3.17.14.... Read more

    Affected Products : limesurvey
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6565

    Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.... Read more

    Affected Products : invision_power_board
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-31921

    Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6616

    Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is un... Read more

    Affected Products : zen_cart
    • Published: Apr. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5010

    Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe.... Read more

    Affected Products : webbatch
    • Published: Sep. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4864

    Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of th... Read more

    • Published: May. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6037

    Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter.... Read more

    Affected Products : secure_mail_gateway
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-6173

    Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.... Read more

    Affected Products : clipshare
    • Published: Feb. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-23597

    Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider sto... Read more

    Affected Products :
    • Published: May. 01, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4888

    Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters.... Read more

    Affected Products : phortail
    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4942

    Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows remote attackers to hijack the authentication of arbitrary users for requests that add personal agenda items.... Read more

    Affected Products : acollab
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-0369

    Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability.... Read more

    Affected Products : internet_explorer
    • Published: Jan. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-5507

    Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : inline_entity_form
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-11631

    Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.... Read more

    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5648

    Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter.... Read more

    Affected Products : rnote
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-2925

    Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter to a... Read more

    Affected Products : rt-ac68u_firmware tm-ac1900 rt-ac68u
    • Published: Apr. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-11852

    The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions... Read more

    Affected Products : element_pack
    • Published: Dec. 22, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2022-1846

    The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : tiny_contact_form
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-5142

    Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.... Read more

    Affected Products : timthumb mimbo_pro
    • Published: Aug. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5500

    Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338... Read more

    Affected Products : mediasense
    • Published: Sep. 20, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294503 Results