Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-4618

    Cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    • Published: Jan. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2078

    Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mediacast
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-39301

    A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulne... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Nov. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-2104

    Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2087

    Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to ... Read more

    Affected Products : struts
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14838

    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multipl... Read more

    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1625

    Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-... Read more

    Affected Products : lxr_cross_referencer lxr
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1614

    Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is... Read more

    Affected Products : moodle
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1594

    Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some ... Read more

    Affected Products : ocs_inventory_ng
    • Published: Apr. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1707

    Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.... Read more

    Affected Products : piwigo
    • Published: May. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1520

    Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter.... Read more

    Affected Products : taskfreak\!
    • Published: Jun. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1541

    Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to y... Read more

    Affected Products : dfd_cart
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-20283

    A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to learn cluster deployment information on an affected device. This vulnerability is due to improper access controls on a specific API endpoint. An attacker could ex... Read more

    Affected Products : nexus_dashboard
    • Published: Apr. 03, 2024
    • Modified: May. 07, 2025

  • 4.3

    MEDIUM
    CVE-2010-1557

    Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: May. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1504

    Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.... Read more

    Affected Products : chrome
    • Published: Apr. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-11915

    The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated... Read more

    Affected Products :
    • Published: Jan. 11, 2025
    • Modified: Jan. 11, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2019-15005

    The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. The email message may co... Read more

    • Published: Nov. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1489

    The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different is... Read more

    Affected Products : internet_explorer
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1464

    Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w p... Read more

    Affected Products : shop-script
    • Published: Apr. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1459

    The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1... Read more

    Affected Products : mono mono
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294528 Results