Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-2289

    Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action.... Read more

    Affected Products : arcade_trade_script
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6108

    Cross-site scripting (XSS) vulnerability in result.php in Galatolo WebManager (GWM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter.... Read more

    Affected Products : galatolo_webmanager
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4524

    Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.... Read more

    Affected Products : drupal realname
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2277

    Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."... Read more

    Affected Products : virtualcenter esx_server
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6041

    Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in Dataspade 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ViewName, (2) TableName, (3) OrderBy, and (4) FilterField parameters.... Read more

    Affected Products : dataspade
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2219

    Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2... Read more

    Affected Products : phpcollegeexchange
    • Published: Jun. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2226

    Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : tree_bbs
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6060

    Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the d... Read more

    Affected Products : fusion_charts
    • Published: Feb. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2215

    Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.... Read more

    Affected Products : urd
    • Published: Jun. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2216

    Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.... Read more

    Affected Products : directadmin
    • Published: Jun. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2228

    Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.... Read more

    Affected Products : kasseler_cms
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2224

    Directory traversal vulnerability in ang/shared/flags.php in AN Guestbook 0.7.8, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the g_lang parameter.... Read more

    Affected Products : an_guestbook
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2283

    Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : solaris java_web_console
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4525

    Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list o... Read more

    Affected Products : drupal print
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2292

    Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : a-news
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2316

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. N... Read more

    Affected Products : tivoli_identity_manager
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2286

    Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.... Read more

    Affected Products : compface
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4681

    Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.... Read more

    Affected Products : phpdirectorysource
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4708

    Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rational_asset_manager
    • Published: Dec. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6095

    Cross-site scripting (XSS) vulnerability in surveillanceView.htm in OpenNMS 1.5.94 allows remote attackers to inject arbitrary web script or HTML via the viewName parameter.... Read more

    Affected Products : opennms
    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294307 Results