Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2018-17081

    e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.... Read more

    Affected Products : e107
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3672

    Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.... Read more

    Affected Products : dotclear
    • Published: Jul. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-3787

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-5130

    SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages.... Read more

    Affected Products : simpgb
    • Published: Sep. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-36760

    The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible... Read more

    Affected Products : ocean_extra
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-3887

    The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by levera... Read more

    Affected Products : mac_os_x mail
    • Published: Oct. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-14728

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account.... Read more

    Affected Products : webpanel
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-10495

    CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2040

    Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg p... Read more

    Affected Products : e107
    • Published: May. 29, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0650

    Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a res... Read more

    Affected Products : cpaint
    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-4589

    Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.... Read more

    Affected Products : mediawiki mediawik
    • Published: Jan. 07, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4822

    Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter w... Read more

    Affected Products : database_server airstation_whr-g54s
    • Published: Sep. 11, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4488

    Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF fil... Read more

    Affected Products : gigaset_se361_wlan_router
    • Published: Aug. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-15577

    An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing.... Read more

    Affected Products : gitlab
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-5023

    Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.... Read more

    Affected Products : pligg_cms
    • Published: Dec. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-27940

    This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.... Read more

    Affected Products : apple_tv
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-4038

    Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.... Read more

    Affected Products : gaestechaos
    • Published: Aug. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-7280

    Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.... Read more

    Affected Products : hanso_player
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-38751

    A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value, leading to a possible attack vector for MITM.... Read more

    Affected Products : exponent_cms exponentcms
    • Published: Aug. 16, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-4900

    Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.... Read more

    Affected Products : envision
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293633 Results