Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4291

    Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.... Read more

    Affected Products : ectools_onlineshop
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4282

    Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi.... Read more

    Affected Products : domaincart
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4328

    Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.... Read more

    Affected Products : webglimpse
    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0350

    Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote attackers to inject arbitrary web script or HTML via the message field to topic.php.... Read more

    Affected Products : eggblog
    • Published: Jan. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4285

    Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.... Read more

    Affected Products : pdestore
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0361

    Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.... Read more

    Affected Products : bit_5_blog
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-38173

    Microsoft Edge for Android Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Jul. 21, 2023
    • Modified: Feb. 28, 2025

  • 4.3

    MEDIUM
    CVE-2005-4248

    Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) ... Read more

    Affected Products : quickpaypro
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0683

    Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled ... Read more

    Affected Products : virtual_hosting_control_system
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0365

    Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.... Read more

    Affected Products : xmb_forum
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4235

    Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.... Read more

    Affected Products : whmcompletesolution
    • Published: Dec. 14, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-36050

    Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.... Read more

    Affected Products :
    • Published: May. 18, 2024
    • Modified: Jun. 27, 2025

  • 4.3

    MEDIUM
    CVE-2005-4205

    Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : locazolist_classifieds
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0498

    Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : php_gen
    • Published: Feb. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-39868

    In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.... Read more

    Affected Products : gitlab
    • Published: Oct. 04, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4236

    Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.... Read more

    Affected Products : ckgold_shopping_cart
    • Published: Dec. 14, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0796

    Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information i... Read more

    Affected Products : clever_copy
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-1744

    InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file.... Read more

    Affected Products : pinnacle_studio
    • Published: May. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-4109

    Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : bibliography_module
    • Published: Aug. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-1563

    The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.... Read more

    Affected Products : wireshark
    • Published: Mar. 31, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294717 Results