Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-2000

    Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.... Read more

    Affected Products : safari
    • Published: Apr. 28, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2046

    Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.... Read more

    Affected Products : sitexs_cms
    • Published: May. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1980

    Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal e-publish
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2861

    Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail ... Read more

    Affected Products : site_composer
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2855

    Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : ownrs
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2637

    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfi... Read more

    Affected Products : firepass_ssl_vpn
    • Published: Jun. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3708

    Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.... Read more

    Affected Products : dotcms
    • Published: Aug. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-0122

    Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.... Read more

    Affected Products : aquifer_cms
    • Published: Jan. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-1986

    Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter.... Read more

    Affected Products : pixel_motion_blog
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2644

    Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the (1) data parameter to catalog.php, the (2) keyword parameter to search.php, the (3) page parameter to bb.php,... Read more

    Affected Products : smeweb
    • Published: Jun. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3510

    Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter.... Read more

    Affected Products : crafty_syntax_live_help
    • Published: Aug. 07, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1985

    Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php.... Read more

    Affected Products : digitalhive
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1972

    Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or ... Read more

    Affected Products : exponent_cms exponent_cms
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2698

    Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter.... Read more

    Affected Products : webalbum
    • Published: Jun. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-1019

    Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the provenance of this information is unknown; the details ... Read more

    Affected Products : ukiboard
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-2640

    Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to... Read more

    Affected Products : flex flex_builder
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1953

    Cross-site scripting (XSS) vulnerability in the Sitedesigner before 1.1.5 search template in Magnolia Enterprise Edition allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is u... Read more

    Affected Products : site_designer
    • Published: Apr. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1977

    Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors.... Read more

    Affected Products : localizer internationalization
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-0846

    Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the a... Read more

    Affected Products : web_blog
    • Published: Feb. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-20835

    An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It has homograph mishandling.... Read more

    Affected Products : phantompdf reader
    • Published: Jun. 04, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results