Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-2025

    Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ushahidi_platform
    • Published: Apr. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4093

    Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : kibana kibana
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2863

    Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi... Read more

    Affected Products : virtual_system_administrator
    • Published: Jul. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3787

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-4684

    Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.... Read more

    Affected Products : ezodiak
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3264

    Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter.... Read more

    Affected Products : zeroblog
    • Published: Oct. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1578

    Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS r... Read more

    Affected Products : one_web_server
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3539

    Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.... Read more

    Affected Products : ultra_classifieds_pro
    • Published: Oct. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4682

    Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.... Read more

    Affected Products : good\/bad_vote
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-4580

    Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search.... Read more

    Affected Products : communique
    • Published: Dec. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-2670

    Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a diffe... Read more

    Affected Products : mfc-9970cdw_firmware mfc-9970cdw
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-1519

    Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.... Read more

    Affected Products : clustering_engine
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-1225

    Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.... Read more

    Affected Products : turnkey_ebook_store
    • Published: Apr. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-4592

    The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remot... Read more

    Affected Products : lotus_mobile_connect
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1627

    feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check permissions for feeds, which allows remote attackers to bypass intended access restrictions via unspecified attack vectors related to permission settings on a private forum.... Read more

    Affected Products : phpbb
    • Published: May. 19, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-12973

    Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.... Read more

    Affected Products : nimbus_jose\+jwt
    • Published: Aug. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2012-6430

    Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might b... Read more

    Affected Products : quick_cart quick_cms
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4651

    Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unsp... Read more

    Affected Products : joomla\! com_webeecomment
    • Published: Feb. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-4023

    Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mobility_controller
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-1041

    Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php.... Read more

    Affected Products : gregarius
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293953 Results