Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-3501

    The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.... Read more

    Affected Products : clamav
    • Published: Nov. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1411

    Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and (2) unspecified search module parameters.... Read more

    Affected Products : absolute_image_gallery_xe
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3473

    Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) ... Read more

    Affected Products : simple_php_blog
    • Published: Nov. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0274

    Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters.... Read more

    Affected Products : photopost_php_pro
    • Published: Jan. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0323

    Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.... Read more

    Affected Products : infinite_mobile_delivery_webmail
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2063

    Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.... Read more

    Affected Products : antiboard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3428

    Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.... Read more

    Affected Products : mailsite_express
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-0496

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : mysql
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2728

    The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.... Read more

    Affected Products : perl
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2771

    Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in ... Read more

    Affected Products : mahara
    • Published: Nov. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4670

    Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, ... Read more

    Affected Products : vtiger_crm
    • Published: Dec. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2800

    Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.... Read more

    Affected Products : debian_linux chrome iphone_os safari
    • Published: Aug. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1650

    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated a... Read more

    Affected Products : categorify
    • Published: Feb. 27, 2024
    • Modified: Jan. 07, 2025

  • 4.3

    MEDIUM
    CVE-2024-1645

    The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with ... Read more

    Affected Products : mollie_forms
    • Published: Mar. 11, 2024
    • Modified: Jan. 21, 2025

  • 4.3

    MEDIUM
    CVE-2023-4903

    Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)... Read more

    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-4776

    Multiple cross-site scripting (XSS) vulnerabilities in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by admin/update/sett... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3741

    The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp allow user-assisted remote attackers to cause a denial of service (crash or memory consumption) via crafted image files, as discovered using the fusil fuzzing tool.... Read more

    Affected Products : linux gimp
    • Published: Aug. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-2644

    Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.... Read more

    Affected Products : kiwi suse_studio_onsite
    • Published: Aug. 23, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4814

    Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.p... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Dec. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-5765

    The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.... Read more

    Affected Products : iphone_os safari
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294853 Results