Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-36482

    An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.... Read more

    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4297

    Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter.... Read more

    Affected Products : bbboard
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4248

    Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) ... Read more

    Affected Products : quickpaypro
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2735

    Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.... Read more

    Affected Products : phpgraphy
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4285

    Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.... Read more

    Affected Products : pdestore
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4306

    Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi.... Read more

    Affected Products : sitenet_bbs
    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4328

    Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.... Read more

    Affected Products : webglimpse
    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4282

    Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi.... Read more

    Affected Products : domaincart
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2737

    Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.... Read more

    Affected Products : photopost_php_pro
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4291

    Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.... Read more

    Affected Products : ectools_onlineshop
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0715

    Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.... Read more

    Affected Products : snews
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-57176

    The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul series (8010TX and 1200FX tested) Firmware 7.4.0 through 10.7.3 allows unauthenticated file uploads to any writable location on the device. File upload packets use wea... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 15, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2005-4080

    Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet ... Read more

    Affected Products : imp
    • Published: Dec. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4091

    Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : 1-search
    • Published: Dec. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3009

    Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.... Read more

    Affected Products : cutenews
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3301

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.... Read more

    Affected Products : phpmyadmin
    • Published: Oct. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-1727

    A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to ... Read more

    Affected Products : gradio
    • Published: Mar. 21, 2024
    • Modified: Jul. 30, 2025

  • 4.3

    MEDIUM
    CVE-2005-3000

    Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters.... Read more

    Affected Products : php_advanced_transfer_manager
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2476

    Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more

    Affected Products : shopping_cart
    • Published: Aug. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4239

    Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.... Read more

    Affected Products : php_jackknife
    • Published: Dec. 14, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294071 Results