Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-4668

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-2219

    Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.... Read more

    Affected Products : cmsimple_classic
    • Published: Mar. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-0366

    IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071.... Read more

    • Published: Feb. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1366

    Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.... Read more

    Affected Products : pixabay_images
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4612

    Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-1385

    Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressa... Read more

    Affected Products : powerpress powerpress_podcasting
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-1561

    Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulner... Read more

    Affected Products : krakend lura
    • Published: Aug. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4604

    The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by... Read more

    Affected Products : websense_web_security
    • Published: Aug. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4596

    Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.... Read more

    Affected Products : php_inventory
    • Published: Jan. 12, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6215

    Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to inject arbitrary web script or HTML via the OfertaID parameter.... Read more

    Affected Products : booking_system_for_hotels_group
    • Published: Feb. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-1232

    Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wordpress foliopress_wysiwyg
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-4593

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-ForceID: 167743.... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-0749

    Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.... Read more

    Affected Products : calimero.cms
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-4526

    Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.... Read more

    Affected Products : efence
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4604

    Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in the Your Text Manager plugin 0.3.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the ytmpw parameter.... Read more

    Affected Products : your-text-manager
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4554

    Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.... Read more

    Affected Products : ss_downloads
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4541

    Cross-site scripting (XSS) vulnerability in shortcode-generator/preview-shortcode-external.php in the OMFG Mobile Pro plugin 1.1.26 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.... Read more

    Affected Products : omfg_mobile
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5493

    The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows attackers to hide the sender field of an SMS message via a malformed WAP PUSH message that causes the PDU to be incorrectly decoded.... Read more

    Affected Products : windows_mobile windows_mobile
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6127

    Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.p... Read more

    Affected Products : mozilocms
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-0641

    Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 paramet... Read more

    Affected Products : wordpress statpresscn
    • Published: Jan. 25, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294848 Results