Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3858

    Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.... Read more

    Affected Products : gejosoft
    • Published: Nov. 04, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4715

    Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.... Read more

    Affected Products : real_time_currency_exchange
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3914

    Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.... Read more

    Affected Products : drupal temporary_invitation
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10852

    The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authe... Read more

    Affected Products : buy_one_click_woocommerce
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 4.3

    MEDIUM
    CVE-2009-4697

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.... Read more

    Affected Products : radnics
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-2324

    Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php.... Read more

    Affected Products : clever_copy
    • Published: Jul. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-3262

    The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS 15.3(3)S and earlier and IOS XE does not properly validate parameters in ITR control messages, which allows remote attackers to cause a denial of service (CEF outage and packet drops) v... Read more

    Affected Products : ios_xe ios
    • Published: May. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0556

    browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive informat... Read more

    Affected Products : chrome
    • Published: Feb. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0197

    Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.... Read more

    Affected Products : mantisbt
    • Published: May. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4714

    Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php.... Read more

    Affected Products : xoops_celepar
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3805

    gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.... Read more

    Affected Products : gpg4win kleopatra
    • Published: Oct. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4716

    Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.... Read more

    Affected Products : ezwebsearch
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3817

    Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrate... Read more

    Affected Products : groupwise_webaccess
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-3823

    Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, when magic_quotes_gpc is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the GLOBALS[page] parameter.... Read more

    Affected Products : mobilelib_gold
    • Published: Oct. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3779

    Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function t... Read more

    Affected Products : drupal vcard
    • Published: Oct. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3786

    Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.... Read more

    Affected Products : drupal og_vocab
    • Published: Oct. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-3765

    Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.... Read more

    Affected Products : hwdeguest
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-3762

    Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : opensso_enterprise
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3809

    Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.... Read more

    Affected Products : mp3_audio_mixer
    • Published: Oct. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3755

    Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) tabledef... Read more

    Affected Products : phpbms
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294210 Results