Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-1640

    Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php.... Read more

    Affected Products : xoops_dictionary
    • Published: Aug. 28, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-1984

    Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : helix_server helix_mobile_server
    • Published: Apr. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-16704

    An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged in users) to view profile page of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org.... Read more

    Affected Products : gleez_cms gleezcms
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-58134

    Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access.... Read more

    Affected Products :
    • Published: Sep. 09, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2018-17857

    An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.... Read more

    Affected Products : joomla\!
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-16970

    Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to download non-purchased course files via a modified id parameter.... Read more

    Affected Products : learning_management_system
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2151

    Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : spip
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2770

    Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.... Read more

    Affected Products : man2html
    • Published: Nov. 17, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-3991

    An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. A user with restricted permissions in the 'Reception' section is able to access specific reception details via direct URL access, bypassing the intended per... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Nov. 15, 2024
    • Modified: Nov. 19, 2024

  • 4.3

    MEDIUM
    CVE-2009-0470

    Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 12.4(23) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) level/15/exec/-/ or (2) exec/, a different vulnerabil... Read more

    Affected Products : ios
    • Published: Feb. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2002-1453

    Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.... Read more

    Affected Products : mywebserver
    • Published: Aug. 14, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-3423

    Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.... Read more

    Affected Products : secure_access_control_system
    • Published: Jul. 12, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1097

    Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onload event.... Read more

    Affected Products : zenworks_configuration_management
    • Published: Jun. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1096

    Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId.... Read more

    • Published: Dec. 28, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2661

    Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.... Read more

    Affected Products : groupwise
    • Published: Oct. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1087

    Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.... Read more

    Affected Products : groupwise windows
    • Published: Jul. 15, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5482

    Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripti... Read more

    Affected Products : prime_lan_management_solution
    • Published: Sep. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1051

    apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party... Read more

    Affected Products : ubuntu_linux advanced_package_tool apt
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2410

    Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : openview_performance_insight
    • Published: Aug. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-2278

    Cross-site scripting (XSS) vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to inject arbitrary web script or HTML via the (1) $App_Theme, (2) $Rub_Search, (3) $Rub_News, (4) $Rub_File, (5) $Rub_Liens, or (6) $Rub_Faq varia... Read more

    Affected Products : portail_web_php
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 294846 Results