Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-3274

    Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location.... Read more

    Affected Products : windows_xp safari
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6345

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-1603

    Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action ... Read more

    Affected Products : getsimple_cms getsimple_cms
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-9987

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : safari
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0747

    Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.... Read more

    • Published: May. 30, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3515

    Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin... Read more

    Affected Products : openx
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-1840

    Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error m... Read more

    Affected Products : mybb
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5648

    Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter.... Read more

    Affected Products : rnote
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-16175

    A clickjacking vulnerability was found in Limesurvey before 3.17.14.... Read more

    Affected Products : limesurvey
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5010

    Cross-site scripting (XSS) vulnerability in WebBatch allows remote attackers to inject arbitrary web script or HTML via the URL to webbatch.exe.... Read more

    Affected Products : webbatch
    • Published: Sep. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-12213

    A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. T... Read more

    Affected Products : ios_xe catalyst_4000 ios_xe
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-4544

    Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-31921

    Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2986

    Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HT... Read more

    Affected Products : wireless_control_system_software
    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3368

    Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : search_enhanced
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1245

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : mediawiki
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-5540

    Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal hostip
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-32090

    Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27. ... Read more

    Affected Products : church_admin
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-3734

    Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.... Read more

    Affected Products : phpmyfaq
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-7254

    Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : opsview
    • Published: Jan. 03, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 294327 Results