Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-1204

    Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-... Read more

    Affected Products : wp_slimstat
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4778

    IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks v... Read more

    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1383

    Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.... Read more

    Affected Products : geo_mashup geo_mashup
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-3186

    Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php... Read more

    Affected Products : chipmunk_blogger
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4168

    Cross-site scripting (XSS) vulnerability in verify_login.jsp in Pro2col Stingray FTS allows remote attackers to inject arbitrary web script or HTML via the form_username parameter (aka user name field).... Read more

    Affected Products : stingray_fts
    • Published: Sep. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-15610

    Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.... Read more

    Affected Products : circles
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2030

    Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.... Read more

    Affected Products : liferay_enterprise_portal
    • Published: May. 22, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-3466

    Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from thir... Read more

    Affected Products : iboutique.mall
    • Published: Sep. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0838

    Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to t... Read more

    Affected Products : es1000 es4000
    • Published: Feb. 20, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-23709

    A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would n... Read more

    Affected Products : kibana
    • Published: Mar. 03, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-3793

    A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-2221

    Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : php-i-board
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0851

    Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category param... Read more

    Affected Products : e-learning_system dokeos
    • Published: Feb. 21, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-2926

    Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php.... Read more

    Affected Products : phptraffica
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-1550

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter.... Read more

    Affected Products : peoplesoft_products
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-5485

    Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" param... Read more

    Affected Products : eventbrite_tickets
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1435

    The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware dete... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-7852

    Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.... Read more

    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-2008

    IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146.... Read more

    Affected Products : tririga_application_platform
    • Published: May. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-16554

    A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.... Read more

    Affected Products : build_failure_analyzer
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293667 Results