Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3397

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4505

    Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.... Read more

    Affected Products : opencms oamp_comments
    • Published: Mar. 26, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4446

    Cross-site scripting (XSS) vulnerability in admin.php in phpInstantGallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : phpinstantgallery
    • Published: Dec. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5720

    Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception an... Read more

    Affected Products : mayaa
    • Published: Dec. 26, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-39886

    Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references.... Read more

    Affected Products : gitlab
    • Published: Oct. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1357

    Cross-site scripting (XSS) vulnerability in editors/logindialogue.php in SBD Directory Software 4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : sbd_directory_software
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4469

    Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv parameter, and the (3) subcat parameter.... Read more

    Affected Products : phppowercards
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5759

    Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance o... Read more

    Affected Products : flatnux
    • Published: Dec. 30, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3948

    JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a denial of service (memory consumption and application crash) via a long string at the end of a .wav file.... Read more

    Affected Products : cowon_media_center-jetaudio
    • Published: Nov. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4468

    Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : deluxebb
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4450

    Multiple cross-site scripting (XSS) vulnerabilities in map.php in LiveZilla 3.1.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lat, (2) lng, and (3) zom parameters, which are not properly handled when processed with template... Read more

    Affected Products : livezilla
    • Published: Dec. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1361

    Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.... Read more

    Affected Products : phpeppershop
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3901

    Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.... Read more

    Affected Products : e-courirer_cms
    • Published: Nov. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3911

    Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter.... Read more

    Affected Products : tftgallery
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-9495

    The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute ap... Read more

    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4433

    Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (a) 5 or (b) 9 field in a post action to ticket_function.php, reachable through ticket_submit.ph... Read more

    Affected Products : isupport
    • Published: Dec. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3934

    The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclient_impl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to ... Read more

    Affected Products : chrome
    • Published: Nov. 12, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-6243

    The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) diss... Read more

    Affected Products : wireshark linux solaris
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-1367

    Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the pr... Read more

    Affected Products : fan_club
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4570

    Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in an order/order_print action to the default URI.... Read more

    Affected Products : phpshop
    • Published: Jan. 05, 2010
    • Modified: Apr. 09, 2025
Showing 20 of 294744 Results