Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-3428

    Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.... Read more

    Affected Products : mailsite_express
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3422

    Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Forum allows remote attackers to inject arbitrary web script or HTML via the error parameter.... Read more

    Affected Products : asp_fast_forum
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3406

    Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : phpesp
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3367

    Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.... Read more

    Affected Products : sparkleblog
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3397

    Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is al... Read more

    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3312

    The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on t... Read more

    Affected Products : internet_explorer
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3854

    Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.... Read more

    Affected Products : easypagecms
    • Published: Nov. 27, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-1053

    Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manager/file_manager/editfile.... Read more

    Affected Products : croogo
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-3950

    lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastc... Read more

    Affected Products : lighttpd
    • Published: Jul. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4119

    Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."... Read more

    Affected Products : service_desk cmdb
    • Published: Sep. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-3361

    Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.... Read more

    Affected Products : flatnuke
    • Published: Oct. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3292

    Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>.... Read more

    Affected Products : xeobook
    • Published: Oct. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3337

    Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.... Read more

    Affected Products : mantis
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3999

    Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : sitebeater_mp3_catalog
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-4118

    Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sound_master_2nd
    • Published: Sep. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-3260

    Multiple cross-site scripting (XSS) vulnerabilities in versatileBulletinBoard (vBB) 1.0.0 RC2 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter in dereferrer.php and (2) the file parameter in imagewin.php.... Read more

    Affected Products : versatilebulletinboard
    • Published: Oct. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3967

    Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.... Read more

    Affected Products : confluence
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3954

    Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.... Read more

    Affected Products : blogbuddies
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4000

    Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter.... Read more

    Affected Products : sitebeater_news
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3103

    Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries.... Read more

    Affected Products : movable_type
    • Published: Sep. 28, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294848 Results