Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-2885

    Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search... Read more

    Affected Products : knowledgetree
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0069

    Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.... Read more

    Affected Products : chipmunk_guestbook
    • Published: Jan. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4634

    Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.... Read more

    Affected Products : vbzoom
    • Published: Sep. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2927

    Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this i... Read more

    Affected Products : codeavalanche_freeforum
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4876

    Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the user... Read more

    Affected Products : openfire
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3212

    Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject web script or HTML via the (1) name, (2) email, (3) add, and (4) wName parameters. NOTE: the provenance of this information is unknown; ... Read more

    Affected Products : cjguestbook
    • Published: Jun. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3179

    Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter.... Read more

    Affected Products : confixx
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-2598

    LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a cra... Read more

    Affected Products : enterprise_linux
    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3187

    Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup par... Read more

    Affected Products : sharky_e-shop
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0194

    Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.... Read more

    Affected Products : fogbugz
    • Published: Jan. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-2660

    Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of cha... Read more

    Affected Products : mac_os_x opera_browser windows unix
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2665

    Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site... Read more

    Affected Products : mac_os_x opera_browser windows unix
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2761

    The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP header... Read more

    Affected Products : cgi.pm cgi-simple
    • Published: Dec. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3186

    Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is... Read more

    Affected Products : cms_faethon
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-2790

    Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_detail... Read more

    Affected Products : zabbix
    • Published: Aug. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3211

    Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.... Read more

    Affected Products : cjguestbook
    • Published: Jun. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-2969

    Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) ... Read more

    Affected Products : moinmoin
    • Published: Aug. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-4785

    Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section.... Read more

    Affected Products : quickblogger
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-6102

    Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.... Read more

    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4780

    Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Li... Read more

    Affected Products : lighthouse_cms
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294846 Results