Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-1594

    Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some ... Read more

    Affected Products : ocs_inventory_ng
    • Published: Apr. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3393

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1233

    Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.... Read more

    Affected Products : safari windows
    • Published: Apr. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1217

    Off-by-one error in the GpFont::SetData function in gdiplus.dll in Microsoft GDI+ on Windows XP allows remote attackers to cause a denial of service (stack corruption and application termination) via a crafted EMF file that triggers an integer overflow, a... Read more

    Affected Products : windows_xp gdi\+
    • Published: Apr. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4525

    Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list o... Read more

    Affected Products : drupal print
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1614

    Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is... Read more

    Affected Products : moodle
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0699

    Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : videosearchscript_pro
    • Published: Feb. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3496

    Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.... Read more

    Affected Products : dvd_zone
    • Published: Sep. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1160

    Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers ... Read more

    • Published: Apr. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1321

    Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.... Read more

    Affected Products : asp_product_catalog
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1202

    WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks... Read more

    • Published: Jun. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2380

    Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.... Read more

    Affected Products : 4images
    • Published: Jul. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4524

    Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.... Read more

    Affected Products : drupal realname
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2322

    Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mv_410r
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4497

    Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program.... Read more

    Affected Products : lxr_cross_referencer lxr
    • Published: Jan. 07, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3397

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4518

    Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.... Read more

    Affected Products : drupal insertnode
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-2413

    Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2 and 10.1.3.4.1 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2351

    Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of... Read more

    Affected Products : opera_browser
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-8616

    Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.... Read more

    Affected Products : fortios
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293690 Results