Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-0573

    Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.... Read more

    Affected Products : fotoweb
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-0569

    Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : connections
    • Published: Apr. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-3817

    A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CS... Read more

    Affected Products : unified_computing_system_director
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-7320

    Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : appointment_booking_calendar
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-6785

    A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration... Read more

    Affected Products : unified_communications_manager
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-2965

    Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : scopia
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-30999

    The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history.... Read more

    Affected Products : iphone_os ipados
    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6876

    Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.... Read more

    Affected Products : espartenaires
    • Published: Jul. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-2043

    Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of these details are ob... Read more

    Affected Products : datatrack_system
    • Published: May. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-3315

    Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acces... Read more

    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2012-5587

    Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto link.... Read more

    Affected Products : drupal email email
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-10495

    CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-48213

    RockOA v2.6.5 is vulnerable to Directory Traversal in webmain/system/beifen/beifenAction.php.... Read more

    Affected Products : xinhu
    • Published: Oct. 23, 2024
    • Modified: Oct. 31, 2024

  • 4.3

    MEDIUM
    CVE-2013-1160

    Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743.... Read more

    • Published: May. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-3844

    A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance s... Read more

    Affected Products : prime_collaboration_assurance
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-4948

    Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 locator
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4910

    Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CS... Read more

    • Published: Jun. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1907

    The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory... Read more

    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-5891

    Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party inform... Read more

    Affected Products : injader
    • Published: Jan. 12, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-0141

    Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 10, 2023
    • Modified: Mar. 20, 2025
Showing 20 of 294133 Results