Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-1230

    Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was l... Read more

    Affected Products : vcard
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1233

    Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php.... Read more

    Affected Products : wmnews
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1215

    Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the origin... Read more

    Affected Products : burning_board
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1264

    Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.... Read more

    Affected Products : discussion
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1196

    Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) p... Read more

    Affected Products : qwikiwiki
    • Published: Mar. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-3962

    Google Chrome before 17.0.963.46 does not properly perform path clipping, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Feb. 09, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-1417

    Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in st... Read more

    Affected Products : web_quiz_pro
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1261

    Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : aspportal
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-8498

    Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2006-1199

    Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter.... Read more

    Affected Products : link_bank
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-44116

    The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on... Read more

    Affected Products : netweaver_application_server_abap
    • Published: Sep. 10, 2024
    • Modified: Sep. 10, 2024

  • 4.3

    MEDIUM
    CVE-2011-4100

    The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed ... Read more

    Affected Products : wireshark
    • Published: Nov. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-6849

    In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.... Read more

    Affected Products : duckduckgo
    • Published: Apr. 01, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-4312

    Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot comp... Read more

    Affected Products : review_board
    • Published: Nov. 24, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4353

    The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.... Read more

    Affected Products : ffmpeg libav
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3665

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4435

    Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from th... Read more

    Affected Products : d-man
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3424

    Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.... Read more

    Affected Products : gnump3d
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1157

    Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.... Read more

    Affected Products : adp_forum
    • Published: Mar. 12, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4365

    Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.... Read more

    Affected Products : flip
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293633 Results