Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3437

    Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."... Read more

    Affected Products : drupal markdown_preview
    • Published: Sep. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3397

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3496

    Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.... Read more

    Affected Products : dvd_zone
    • Published: Sep. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3393

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3399

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console.... Read more

    Affected Products : bea_product_suite
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4786

    Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.ph... Read more

    Affected Products : pligg_cms
    • Published: Apr. 21, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4984

    Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me PHP Affiliate Script 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Keywords parameter to search.php and (2) SearchIndex parameter to browse.php.... Read more

    • Published: Aug. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-8289

    An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2... Read more

    Affected Products : edge windows_10
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2372

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1.1 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2371.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3360

    Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.... Read more

    Affected Products : datemill
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4343

    Cross-site scripting (XSS) vulnerability in the Training Company Database (trainincdb) extension 0.4.7 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 trainincdb
    • Published: Dec. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-5715

    The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via u... Read more

    Affected Products : wordpress
    • Published: May. 22, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-11583

    The Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_zipped_font' function in all versions up to, and including... Read more

    Affected Products : borderless
    • Published: Jan. 30, 2025
    • Modified: Jan. 31, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2010-0556

    browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive informat... Read more

    Affected Products : chrome
    • Published: Feb. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3416

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3444

    Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.... Read more

    Affected Products : e107
    • Published: Sep. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3427

    Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.... Read more

    Affected Products : supportsuite
    • Published: Sep. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-1765

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the... Read more

    Affected Products : internet_explorer mediawiki
    • Published: May. 23, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3283

    Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors rela... Read more

    • Published: Sep. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3320

    Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : paolink
    • Published: Sep. 23, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293620 Results