Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-1082

    Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to read arbitrary files via directory traversal sequences in the (1) theme parameter to loadStyles.php and the (2) scripts parameter ... Read more

    Affected Products : oi.blogs
    • Published: Mar. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-1399

    A vulnerability in the Self Care Portal of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to modify data on an affected s... Read more

    Affected Products : unified_communications_manager
    • Published: Apr. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-0587

    Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vul... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0911

    Cross-site scripting (XSS) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is possible that this overlaps CVE-2011-0535.... Read more

    Affected Products : zikula_application_framework
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2636

    Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_commerce
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4839

    Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis and Security Engine (BASE), possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/base_roleadmin.php, (2) adm... Read more

    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-5046

    V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information dis... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-2658

    Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.... Read more

    Affected Products : opera_browser
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-13208

    The Maps Plugin using Google Maps for WordPress WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_... Read more

    Affected Products : wp_google_map
    • Published: Feb. 15, 2025
    • Modified: May. 14, 2025
    • Vuln Type: Cross-Site Scripting

  • 4.3

    MEDIUM
    CVE-2010-4971

    Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php.... Read more

    Affected Products : joomla\! php_2_way_video_chat
    • Published: Nov. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1095

    Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this ... Read more

    Affected Products : truc
    • Published: Mar. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4966

    Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.... Read more

    Affected Products : netvolution
    • Published: Oct. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0892

    Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : diagnostics
    • Published: Mar. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0583

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via the cfform tag.... Read more

    Affected Products : coldfusion
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3200

    MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_... Read more

    Affected Products : word
    • Published: Sep. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14782

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthentica... Read more

    • Published: Oct. 21, 2020
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2010-1091

    Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.... Read more

    Affected Products : phpmysite
    • Published: Mar. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4956

    Cross-site scripting (XSS) vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 ke_questionnaire
    • Published: Oct. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0898

    Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.00 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : network_node_manager_i
    • Published: Apr. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1684

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers sc... Read more

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294123 Results