Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-4515

    Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.... Read more

    Affected Products : anyfont
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-1881

    Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521.... Read more

    Affected Products : img-bbs
    • Published: Jun. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1877

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.... Read more

    Affected Products : coldfusion
    • Published: Aug. 18, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-3189

    With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a n... Read more

    • Published: May. 25, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2008-6681

    Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.... Read more

    Affected Products : dojo
    • Published: Apr. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-0809

    Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-0814

    Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 Beta 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.... Read more

    Affected Products : blogsa
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-0324

    Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vect... Read more

    Affected Products : jenkins jenkins
    • Published: Mar. 09, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3106

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary ... Read more

    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0155

    Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.... Read more

    Affected Products : evilboard
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-4735

    Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/user/create ... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-3596

    Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.... Read more

    Affected Products : harmoni
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-4306

    Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.... Read more

    Affected Products : moodle
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6503

    Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.... Read more

    Affected Products : prestashop
    • Published: Mar. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-2825

    The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and communication outage) via crafted input.... Read more

    • Published: Dec. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0132

    Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Apr. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0317

    Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomp... Read more

    Affected Products : drupal og_manager_change
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0688

    Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3... Read more

    • Published: Mar. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-7077

    Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-9987

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : safari
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results