Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-2458

    Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.... Read more

    Affected Products : video_community_portal_script
    • Published: Jun. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2491

    Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.... Read more

    Affected Products : roundup
    • Published: Sep. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2480

    Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript ... Read more

    Affected Products : mako
    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2482

    LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-... Read more

    Affected Products : libtiff
    • Published: Jul. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0203

    Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2503

    Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka... Read more

    Affected Products : splunk
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2509

    Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.... Read more

    Affected Products : web_template_software
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2536

    Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) u... Read more

    Affected Products : rekonq
    • Published: Aug. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2531

    The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the applic... Read more

    Affected Products : debian_linux php
    • Published: Aug. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-12190

    The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit ... Read more

    Affected Products : contact_form_builder
    • Published: Dec. 25, 2024
    • Modified: Dec. 25, 2024

  • 4.3

    MEDIUM
    CVE-2010-2886

    Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : robohelp_server robohelp
    • Published: Oct. 26, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2846

    Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.... Read more

    Affected Products : joomla\! com_artforms
    • Published: Jul. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-12244

    An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prio... Read more

    Affected Products : gitlab
    • Published: Apr. 24, 2025
    • Modified: Aug. 08, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2010-2858

    Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.... Read more

    Affected Products : simpnews
    • Published: Jul. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2896

    IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before FP4 does not properly manage the InheritParentPermissions setting during an upgrade from 3.x, which might allow attackers to bypass intended folder permissions via unspecified vectors.... Read more

    Affected Products : filenet_content_manager
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2917

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) st... Read more

    Affected Products : aj_article
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3003

    Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : insight_diagnostics
    • Published: Sep. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2952

    Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to ... Read more

    Affected Products : traffic_server
    • Published: Sep. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-12280

    The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF check in place when deleting its logs, which could allow attackers to make a logged in to delete them via a CSRF attack... Read more

    Affected Products : wp_customer_area
    • Published: Jan. 27, 2025
    • Modified: May. 08, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2010-3012

    Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error.... Read more

    Affected Products : system_management_homepage
    • Published: Sep. 17, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294447 Results