Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-4422

    Multiple cross-site scripting (XSS) vulnerabilities in the GetURLArguments function in jpgraph.php in Aditus Consulting JpGraph 3.0.6 allow remote attackers to inject arbitrary web script or HTML via a key to csim_in_html_ex1.php, and other unspecified ve... Read more

    Affected Products : jpgraph
    • Published: Dec. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4404

    Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from th... Read more

    Affected Products : t-prot
    • Published: Dec. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4425

    Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter in a browse action.... Read more

    Affected Products : idevcart
    • Published: Dec. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0257

    Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained sol... Read more

    Affected Products : search_engine
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1798

    Multiple cross-site scripting (XSS) vulnerabilities on the Network Management Card (NMC) on American Power Conversion (APC) Switched Rack PDU (aka Rack Mount Power Distribution) devices and other devices allow remote attackers to inject arbitrary web scri... Read more

    • Published: Dec. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1287

    Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : subscriber_edge_services_manager
    • Published: Apr. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4464

    Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : active_business_directory
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4461

    Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) contact.php, (2) login.php, and (3) search.php.... Read more

    Affected Products : flatpress
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4478

    Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html.... Read more

    Affected Products : real_estate
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-6039

    Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2) admin/hosts.php, or other unspecified pages that allow... Read more

    Affected Products : nagiosql
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0362

    Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the album parameter.... Read more

    Affected Products : clever_copy
    • Published: Jan. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1249

    Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.... Read more

    Affected Products : drupal feedapi_mapper
    • Published: Apr. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6609

    Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.... Read more

    Affected Products : phpcksec
    • Published: Apr. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5106

    Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.... Read more

    Affected Products : wordpress
    • Published: Sep. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-7377

    Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the ... Read more

    Affected Products : pie_register pie-register
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4608

    Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication.... Read more

    Affected Products : accessguardian
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5091

    Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategorie... Read more

    Affected Products : egroupware
    • Published: Sep. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0320

    Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter.... Read more

    Affected Products : glitter_central_script
    • Published: Jan. 15, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-2762

    The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote atta... Read more

    Affected Products : tivoli_storage_manager mvs
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0357

    Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.... Read more

    Affected Products : mini_file_host
    • Published: Jan. 18, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294522 Results