Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-4869

    Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : nasim_guest_book
    • Published: May. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4856

    Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter.... Read more

    Affected Products : php_easy_shopping_cart
    • Published: May. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1709

    Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters.... Read more

    Affected Products : auto-img-gallery
    • Published: May. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0594

    Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467.... Read more

    • Published: May. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1662

    Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.... Read more

    Affected Products : php-quick-arcade
    • Published: May. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1609

    Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : netweaver
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1655

    Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in PowerEasy 2006 and PowerEasy SiteWeaver 6.8 allows remote attackers to inject arbitrary web script or HTML via the ComeUrl parameter.... Read more

    Affected Products : siteweaver
    • Published: May. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-8925

    An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated use... Read more

    Affected Products : manageengine_netflow_analyzer
    • Published: May. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-12846

    A user without the required permissions could gain access to some JetBrains TeamCity settings. The issue was fixed in TeamCity 2018.2.2.... Read more

    Affected Products : teamcity
    • Published: Jul. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-0876

    Unspecified vulnerability in the Life Sciences - Oracle Clinical Remote Data Capture Option component in Oracle Industry Product Suite 4.5.3 and 4.6 allows remote attackers to affect integrity, related to RDC Onsite.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0855

    Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0086.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0863

    Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0864

    Unspecified vulnerability in the Retail - Oracle Retail Place In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1339

    Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not prope... Read more

    Affected Products : burning_board teamsite_hack_plugin
    • Published: Apr. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2004-2767

    NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a... Read more

    Affected Products : netware netware_ftp_server
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-10342

    A missing permission check in Jenkins Docker Plugin 1.1.6 and earlier in various 'fillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : docker
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-3917

    Cross-site scripting (XSS) vulnerability in the S5 Presentation Player module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an unspecified field that is copied to the HTML HEAD element.... Read more

    Affected Products : drupal s5
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3833

    Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter.... Read more

    Affected Products : tftgallery
    • Published: Nov. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3747

    Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter. NOTE: this was originally reported for tbmnet.php, but that program does not exist in the TBm... Read more

    Affected Products : tbmnetcms
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2733

    Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer... Read more

    Affected Products : achievo
    • Published: Oct. 16, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294528 Results