Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-2598

    Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input.... Read more

    Affected Products : wincc
    • Published: Jun. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2706

    Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.... Read more

    Affected Products : drupal post_affiliate_pro
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3842

    Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) select0 or (2) select8 parameters.... Read more

    Affected Products : directadmin
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3837

    Multiple cross-site scripting (XSS) vulnerabilities in apps/users/registration.template.php in Baby Gekko 1.2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) email_address, (3) password, (4) password_v... Read more

    Affected Products : baby_gekko
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3831

    Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.1 allows remote attackers to inject arbitrary web script or HTML via multiple URLs in an img tag.... Read more

    Affected Products : decoda
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3843

    Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : e107
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2641

    Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 allows remote attackers to inject arbitrary web script or HTML by triggering improper interaction with an unspecified library.... Read more

    Affected Products : zenphoto
    • Published: Jul. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2446

    Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action.... Read more

    Affected Products : netsweeper
    • Published: Jul. 09, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4307

    Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter.... Read more

    Affected Products : moodle
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4303

    lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.... Read more

    Affected Products : moodle
    • Published: Jul. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3805

    Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absen... Read more

    Affected Products : kajona
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1715

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5700

    Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/logi... Read more

    Affected Products : baby_gekko
    • Published: Sep. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5136

    Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : dfd_cart
    • Published: Sep. 28, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3578

    PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.... Read more

    Affected Products : phpids
    • Published: Jul. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-1753

    IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 148514.... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-30531

    Cross-Site Request Forgery (CSRF) vulnerability in GBS Developer WP Ride Booking allows Cross Site Request Forgery. This issue affects WP Ride Booking: from n/a through 2.4.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2025-30534

    Cross-Site Request Forgery (CSRF) vulnerability in captcha.soft Image Captcha allows Cross Site Request Forgery. This issue affects Image Captcha: from n/a through 1.2.... Read more

    Affected Products :
    • Published: Mar. 24, 2025
    • Modified: Mar. 27, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2022-3098

    The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : login_block_ips
    • Published: Sep. 26, 2022
    • Modified: May. 22, 2025

  • 4.3

    MEDIUM
    CVE-2018-21095

    Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210.... Read more

    • Published: Apr. 27, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294717 Results