Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-4117

    Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.... Read more

    • Published: Jul. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-24272

    The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calcul... Read more

    Affected Products : fitness_calculators
    • Published: May. 05, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3064

    Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.... Read more

    Affected Products : my_datebook
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-10187

    A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to.... Read more

    Affected Products : moodle
    • Published: Jul. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-7141

    Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%" tags.... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-6969

    Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.... Read more

    Affected Products : serendipity
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-0335

    Cross-site scripting (XSS) vulnerability in BugTracker.NET before 2.7.2 allows remote attackers to inject arbitrary web script or HTML via an arbitrary custom text field.... Read more

    Affected Products : bugtracker.net
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-4734

    Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.... Read more

    Affected Products : e107
    • Published: Jul. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-4880

    Multiple cross-site scripting (XSS) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to inject arbitrary web script or HTML via the (1) category_name, (2) category_description, (3) event_name, or (4) event_descrip... Read more

    Affected Products : apphp_calendar
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2154

    Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal cdn2_video
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3418

    Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php.... Read more

    Affected Products : car_portal
    • Published: Sep. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-18088

    Various plugin servlet resources in Atlassian Bitbucket Server before version 5.3.7 (the fixed version for 5.3.x), from version 5.4.0 before 5.4.6 (the fixed version for 5.4.x), from version 5.5.0 before 5.5.6 (the fixed version for 5.5.x), from version 5... Read more

    Affected Products : bitbucket_server bitbucket
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9352

    Cross-site scripting (XSS) vulnerability in the mail administration login panel in Scalix Web Access 11.4.6.12377 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_access
    • Published: Dec. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9230

    Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : data_loss_prevention
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-18246

    BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure.... Read more

    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2002-1965

    Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent ... Read more

    Affected Products : xitami
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-2754

    Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, allows remote attackers to inject arbitrary web script or ... Read more

    • Published: Jul. 17, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1721

    Cross-site request forgery (CSRF) vulnerability in php/partie_administrateur/administration.php in WebJaxe 1.02 allows remote attackers to hijack the authentication of administrators for requests that (1) modify passwords or (2) add new projects. NOTE: s... Read more

    Affected Products : webjaxe
    • Published: Apr. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-0379

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2002-2378

    Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.... Read more

    Affected Products : an_httpd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293678 Results