Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-4167

    Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : cms_made_simple
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-4194

    The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.... Read more

    Affected Products : plone
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-2563

    Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) comple... Read more

    Affected Products : samtodo
    • Published: Jun. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-3047

    Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2366

    Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : access_analyzer_cgi
    • Published: Sep. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6162

    Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.... Read more

    Affected Products : ability_mail_server
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5702

    Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : fireware watchguard_system_manager
    • Published: Oct. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-0924

    Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are ob... Read more

    Affected Products : ical
    • Published: Feb. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0933

    Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a url XCode tag in a posted message. NOTE: the provenance of this information is unknown; the details are obtain... Read more

    Affected Products : phpx
    • Published: Feb. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1077

    Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.... Read more

    Affected Products : evoblog
    • Published: Mar. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1202

    Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value.... Read more

    Affected Products : textfilebb
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1216

    Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : runcms
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0509

    Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.... Read more

    Affected Products : cerberus_helpdesk
    • Published: Feb. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1396

    Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from ... Read more

    Affected Products : mysql_based_message_board
    • Published: Mar. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1394

    Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary w... Read more

    Affected Products : pubcookie
    • Published: Mar. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1430

    Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter ... Read more

    Affected Products : hms
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-1191

    An undisclosed vulnerability in CLM applications (including IBM Rational Collaborative Lifecycle Management 4.0, 5.0, and 6.0) with potential for failure to restrict URL Access. IBM X-Force ID: 123661.... Read more

    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2006-3003

    details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces... Read more

    Affected Products : easy_ad-manager
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-4183

    Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascadi... Read more

    Affected Products : internet_explorer htmlpurifier
    • Published: Nov. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3087

    Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) ... Read more

    Affected Products : ezgallery
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294155 Results