Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2001-1526

    Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.... Read more

    Affected Products : easynews
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-2818

    Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter.... Read more

    Affected Products : parodia
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-1978

    Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.... Read more

    Affected Products : moodle
    • Published: Apr. 30, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1964

    Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter.... Read more

    Affected Products : network_query_tool
    • Published: Apr. 23, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-5756

    The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to de... Read more

    Affected Products : open-xchange_appsuite
    • Published: Jun. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-4876

    Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly ha... Read more

    Affected Products : voip841_dect_phone
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-1116

    IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154.... Read more

    Affected Products : campaign
    • Published: Apr. 27, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-2675

    Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from ... Read more

    Affected Products : php_image_gallery
    • Published: Jun. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-5307

    Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, the... Read more

    • Published: Jun. 04, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-34115

    Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted.... Read more

    Affected Products : meeting_sdk
    • Published: Jun. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1506

    Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.... Read more

    Affected Products : application_server_portal
    • Published: Mar. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5059

    Cross-site scripting (XSS) vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the new_language parameter in a login action.... Read more

    Affected Products : modernbill
    • Published: Nov. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1433

    Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/addblog_comment.php and (2) detail.php.... Read more

    Affected Products : grayscale_blog
    • Published: Mar. 13, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3348

    Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.... Read more

    Affected Products : gyro
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1342

    Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.... Read more

    Affected Products : vbulletin vbulletin
    • Published: Mar. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1180

    WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact.... Read more

    Affected Products : webapp
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-35800

    Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to in... Read more

    Affected Products : endpoint_security
    • Published: Jun. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1160

    Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud56743.... Read more

    • Published: May. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3902

    Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from th... Read more

    Affected Products : topsites
    • Published: Jul. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-2275

    Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Butt... Read more

    Affected Products : dojo
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293620 Results