Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-1418

    Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 3.0.1.73 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : system_management_homepage
    • Published: May. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6529

    Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter.... Read more

    Affected Products : living_local
    • Published: Mar. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6515

    Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.... Read more

    Affected Products : yappa-ng
    • Published: Mar. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6453

    Directory traversal vulnerability in section.php in 6rbScript 3.3, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.... Read more

    Affected Products : 6rbscript
    • Published: Mar. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4782

    Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters ... Read more

    Affected Products : theeta_cms
    • Published: Apr. 21, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2751

    IBM WebSphere Commerce 7.0 uses the same cryptographic key for session attributes and merchant data encryption, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : websphere_commerce
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4149

    Cross-site scripting (XSS) vulnerability in the web interface in CA Service Desk 12.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.... Read more

    Affected Products : service_desk
    • Published: Dec. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10775

    The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possi... Read more

    Affected Products : piotnet_addons
    • Published: Jan. 15, 2025
    • Modified: Jan. 15, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2009-2825

    Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers ... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6436

    Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : workcentre
    • Published: Mar. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6562

    Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack (tR) Jax LinkLists 1.00 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtai... Read more

    Affected Products : jax_linklists
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4119

    Cross-site scripting (XSS) vulnerability in Feed Element Mapper module 5.x before 5.x-1.3, 6.x before 6.x-1.3, and 6.x-2.0-alpha before 6.x-2.0-alpha4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal feed_element_mapper
    • Published: Dec. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1309

    Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, w... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Apr. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6501

    Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.... Read more

    Affected Products : pro_chat_rooms
    • Published: Mar. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2455

    Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the detai... Read more

    Affected Products : atmail \@tmail
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-5092

    Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sharepoint_server fast_esp
    • Published: Sep. 12, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6848

    Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.... Read more

    Affected Products : phpgreetcards
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6839

    Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg and (2) goodmsg parameters to (a) login.php and (b) index.php, and the (3) dir and (4) id p... Read more

    Affected Products : tgs_content_management
    • Published: Jun. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6847

    Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in Pre ASP Job Board allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : pre_asp_job_board
    • Published: Jul. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1501

    Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x before 5.x-1.2 and 6.x-1.x-dev before April 13, 2009, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via EXIF tags in an image.... Read more

    Affected Products : drupal exif
    • Published: May. 01, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294125 Results