Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-37890

    Missing Authorization vulnerability in WPOmnia KB Support – WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs. Users with a role as low as a subscriber can view other customers.This issue affects KB Sup... Read more

    Affected Products : kb_support kb_support
    • Published: Nov. 30, 2023
    • Modified: Feb. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3047

    Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.... Read more

    Affected Products : phpmyfaq
    • Published: Sep. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1443

    Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.... Read more

    Affected Products : imp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3638

    Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.... Read more

    Affected Products : ekinboard
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-36050

    Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.... Read more

    Affected Products :
    • Published: May. 18, 2024
    • Modified: Jun. 27, 2025

  • 4.3

    MEDIUM
    CVE-2004-2766

    Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a "session hijacking" issue, a different vulnerability than... Read more

    • Published: Jan. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2004-2749

    Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported a... Read more

    Affected Products : homeportal
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0080

    Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.... Read more

    Affected Products : vbulletin
    • Published: Jan. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1975

    Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551.... Read more

    Affected Products : pafiledb
    • Published: Apr. 27, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3544

    Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : xmb
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1720

    Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.... Read more

    Affected Products : saphplesson
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-22890

    curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the... Read more

    • Published: Apr. 01, 2021
    • Modified: Jun. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-3025

    Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.p... Read more

    Affected Products : vbulletin
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4328

    Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.... Read more

    Affected Products : webglimpse
    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-4316

    Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Jul. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-0093

    Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter.... Read more

    Affected Products : atcard_me_php
    • Published: Jan. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1775

    Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_g... Read more

    Affected Products : phpbb
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4282

    Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi.... Read more

    Affected Products : domaincart
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-44186

    Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASL... Read more

    Affected Products : macos windows bridge
    • Published: Dec. 07, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-38751

    Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the... Read more

    • Published: Aug. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293698 Results