Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-4446

    Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : nucleus
    • Published: Oct. 06, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-10517

    An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow un... Read more

    Affected Products : enterprise_server github
    • Published: Aug. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-3259

    Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comme... Read more

    Affected Products : e107
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-4435

    Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php... Read more

    Affected Products : xoops downloads_plus_module
    • Published: Oct. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-2094

    Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.... Read more

    Affected Products : webcam_xp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-11437

    LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.... Read more

    Affected Products : librehealth_ehr
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4607

    Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters.... Read more

    Affected Products : bugport
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3155

    Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller parameter in (c) vsoa.... Read more

    Affected Products : ultimate_estate
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-5290

    Cross-site scripting (XSS) vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : clean_cms
    • Published: Dec. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-12412

    By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerabili... Read more

    Affected Products : firefox
    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-3279

    Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php.... Read more

    Affected Products : aedating
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3496

    Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the... Read more

    Affected Products : php_handicapper
    • Published: Nov. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4571

    Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third p... Read more

    Affected Products : myezshop_shopping_cart
    • Published: Dec. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2750

    Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an ... Read more

    Affected Products : open_searchable_image_catalogue
    • Published: Jun. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3306

    Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web scri... Read more

    Affected Products : project_eros_bbsengine
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3015

    Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.... Read more

    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3312

    Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, an... Read more

    Affected Products : qatraq
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-10352

    The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the get_content_type function in includes/widgets/content-reveal.php. This makes it possible for authenti... Read more

    Affected Products : magical_addons_for_elementor
    • Published: Nov. 09, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2005-3570

    Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".... Read more

    Affected Products : horde
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3078

    Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature.... Read more

    Affected Products : punbb
    • Published: Sep. 27, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293608 Results