Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-0936

    Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.... Read more

    Affected Products : dkvm-ip8
    • Published: Mar. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1074

    Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.... Read more

    Affected Products : drupal currency
    • Published: Mar. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14573

    Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 11.0.7 and 14.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1091

    Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.... Read more

    Affected Products : phpmysite
    • Published: Mar. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0940

    Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : simple_php_guestbook
    • Published: Mar. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6370

    Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to inject arbitrary web script or HTML via the DisplayFormat parameter.... Read more

    Affected Products : contact_manager_pro
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1647

    Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet E... Read more

    Affected Products : mediawiki
    • Published: Jun. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0556

    browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive informat... Read more

    Affected Products : chrome
    • Published: Feb. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-11583

    The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including... Read more

    Affected Products : borderless
    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2025-21247

    Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.... Read more

    • Published: Mar. 11, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Path Traversal

  • 4.3

    MEDIUM
    CVE-2023-1224

    Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : chrome edge_chromium
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1618

    Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handl... Read more

    Affected Products : moodle phpcas_client_library phpcas
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2147

    Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.... Read more

    Affected Products : joomla\! com_mycar
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14579

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker... Read more

    • Published: Jul. 15, 2020
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2010-2179

    Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified ve... Read more

    Affected Products : firefox chrome flash_player air
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4699

    Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.... Read more

    Affected Products : skadate_online_dating_software
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-6507

    Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4879

    The Identity Server in Novell Access Manager before 3.1 SP1 allows attackers with disabled Active Directory accounts to authenticate using X.509 authentication, which bypasses intended access restrictions.... Read more

    Affected Products : access_manager
    • Published: May. 26, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2306

    The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MI... Read more

    Affected Products : 3d1000 3d2000 3d9900 dc1000
    • Published: Jun. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2380

    Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft and JDEdwards Suite SCM 8.9 Bundle #37, SCM 9.0 Bundle #30, and SCM 9.1 Bundle #4 allows local users to affect confidentiality, integrity, and availability via unkn... Read more

    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293646 Results