Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-4420

    Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Tes... Read more

    Affected Products : opsview
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4587

    Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu.... Read more

    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-2652

    Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted archive file list that is used in an overlay file.... Read more

    Affected Products : kiwi suse_studio_onsite
    • Published: Aug. 23, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-3134

    Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : businessobjects
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5388

    Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.... Read more

    Affected Products : lotus_domino
    • Published: Oct. 22, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1068

    Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.... Read more

    Affected Products : surgeftp
    • Published: Mar. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-3758

    Cross-site scripting (XSS) vulnerability in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via vectors related to the import functionality.... Read more

    Affected Products : si_bibtex
    • Published: May. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-2848

    Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : dekiwiki
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1080

    Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.... Read more

    Affected Products : pulse_cms
    • Published: Mar. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1079

    Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sawmill
    • Published: Mar. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3042

    Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : meneame
    • Published: Jun. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3009

    Format string vulnerability in the MprLogToFile::logEvent function in Mbedthis AppWeb 2.0.5-4, when the build supports logging but the configuration disables logging, allows remote attackers to cause a denial of service (daemon crash) via format string sp... Read more

    Affected Products : appweb mbedthis_appweb_http_server
    • Published: Jun. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1113

    Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.... Read more

    Affected Products : web_server_creator_web_portal
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3001

    Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/ind... Read more

    Affected Products : php_jackknife
    • Published: Jun. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0910

    Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename.... Read more

    Affected Products : transmitmail
    • Published: Apr. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0864

    Unspecified vulnerability in the Retail - Oracle Retail Place In-Season component in Oracle Industry Product Suite 12.2 allows remote attackers to affect integrity via unknown vectors related to Online Help.... Read more

    Affected Products : industry_product_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-3632

    Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.... Read more

    • Published: May. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-2958

    Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : integraxor
    • Published: Jul. 28, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-3397

    Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7.... Read more

    Affected Products : yii yiiframework
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3300

    Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1)... Read more

    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294068 Results