Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-1941

    Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : phpmyadmin
    • Published: Jan. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1953

    Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, ... Read more

    Affected Products : post_revolution
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0887

    The web management portal on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack on the... Read more

    Affected Products : smcd3g-ccr smcd3g-ccr_firmware
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1960

    Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure ... Read more

    • Published: Aug. 10, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1940

    Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging ... Read more

    Affected Products : safari windows
    • Published: May. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4794

    Multiple cross-site scripting (XSS) vulnerabilities in the JoomlaSeller JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in a jscalen... Read more

    Affected Products : joomla\! com_jscalendar
    • Published: Apr. 27, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-5282

    Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM (formerly Livelink ECM) 9.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewType and (2) sort parameters in a browse action to livelink/livelink; and the (... Read more

    Affected Products : livelink_ecm
    • Published: Nov. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1951

    lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular exp... Read more

    Affected Products : pcre syslog-ng
    • Published: Jul. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0909

    Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.... Read more

    Affected Products : vanilla_forums vanilla
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4778

    Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2)... Read more

    Affected Products : groupware imp
    • Published: Apr. 04, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-13747

    The WooMail - WooCommerce Email Customizer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'template_delete_saved' function in all versions up to, and including, 3.0.34. This makes it possible for a... Read more

    Affected Products :
    • Published: Mar. 05, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 4.3

    MEDIUM
    CVE-2011-0837

    Unspecified vulnerability in the Agile Technology Platform component in Oracle Supply Chain Products Suite 9.3.0.2 and 9.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-12606

    The AI Scribe – SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the en... Read more

    Affected Products :
    • Published: Jan. 10, 2025
    • Modified: Jan. 10, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2024-12616

    The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attac... Read more

    Affected Products : bitly
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2011-3598

    Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to displ... Read more

    Affected Products : phppgadmin
    • Published: Oct. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-5314

    Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index.... Read more

    Affected Products : bedita bedita
    • Published: Jan. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-4909

    Multiple cross-site scripting (XSS) vulnerabilities in PaysiteReviewCMS 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or the (2) image parameter to image.php.... Read more

    Affected Products : paysitereviewcms
    • Published: Oct. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4901

    Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in MySource Matrix 3.28.3 allow remote attackers to inject arbitrary web script or HTML via the (1) height or (2) width parameter.... Read more

    Affected Products : mysource_matrix
    • Published: Oct. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-5303

    Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorStri... Read more

    Affected Products : timthumb
    • Published: Aug. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-0849

    Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 allows remote attackers to affect integrity, related to HTML Adaptor.... Read more

    Affected Products : java_dynamic_management_kit
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293633 Results