Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-2917

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) st... Read more

    Affected Products : aj_article
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-5089

    Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.... Read more

    Affected Products : ideacart
    • Published: Sep. 12, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1723

    The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash)... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Sep. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4786

    Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.ph... Read more

    Affected Products : pligg_cms
    • Published: Apr. 21, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4697

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.... Read more

    Affected Products : radnics
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-0053

    PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before 6.2.4.1.1, 6.2.5, 6.2.6, 6.2.7 before 6.2.7.7, 6.3 before 6.3.0.4, and 6.5 before 6.5.0.2; and Cisco IronPort PostX 6.2.1 before 6.2.1.1 and 6.2.2 before 6.2.2.3; allows remote attackers t... Read more

    • Published: Jan. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-0417

    Cross-site scripting (XSS) vulnerability in the AgaviWebRouting::gen(null) method in Agavi 0.11 before 0.11.6 and 1.0 before 1.0.0 beta 8 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with certain characters that are not... Read more

    Affected Products : agavi
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4772

    Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive informa... Read more

    Affected Products : drupal ubercart
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3003

    Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.0-11 on Linux allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : insight_diagnostics
    • Published: Sep. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-0487

    Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows remote attackers to inject arbitrary web script or HTML via a crafted forum post.... Read more

    Affected Products : mahara
    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-4655

    Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to entry.cgi.... Read more

    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-5124

    The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (application crash) via a crafted packed file.... Read more

    Affected Products : comodo_internet_security
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2952

    Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to ... Read more

    Affected Products : traffic_server
    • Published: Sep. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4767

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third... Read more

    Affected Products : shoutbox
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-5113

    Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter.... Read more

    Affected Products : webglimpse
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-5123

    The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file.... Read more

    Affected Products : comodo_internet_security
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0804

    Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action.... Read more

    Affected Products : iboutique
    • Published: Mar. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4573

    Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.s... Read more

    Affected Products : joomla mod_joomulus
    • Published: Jan. 06, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0778

    Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : websphere_application_server
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-5130

    The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size.... Read more

    Affected Products : websense_email_security
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294528 Results