Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-0434

    Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks oper... Read more

    Affected Products : php-nuke
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1116

    Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.... Read more

    Affected Products : phpbb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2453

    Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more

    Affected Products : networkactiv_web_server
    • Published: Aug. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-22216

    An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the PFE of Juniper Networks Junos OS on PTX Series and QFX10k Series allows an adjacent unauthenticated attacker to gain access to sensitive information. PTX1000 and PTX10000 S... Read more

    • Published: Jul. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1320

    Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.... Read more

    Affected Products : mnemo
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1068

    Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags.... Read more

    Affected Products : scssboard
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-2104

    Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with Overall/Read access to view a JVM memory usage chart.... Read more

    Affected Products : jenkins
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-0477

    Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set... Read more

    Affected Products : invision_power_board
    • Published: Mar. 30, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-4839

    The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to conduct phishing attacks via a FRAME element.... Read more

    Affected Products : rational_clearquest
    • Published: Dec. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-1767

    Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affec... Read more

    Affected Products : debian_linux otrs
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1183

    Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter.... Read more

    Affected Products : mvnforum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2090

    Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and ... Read more

    Affected Products : tomcat
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-5693

    Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.... Read more

    Affected Products : x2crm
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-33946

    The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a differen... Read more

    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2196

    A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.... Read more

    Affected Products : code_dx
    • Published: May. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-39419

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to... Read more

    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-4087

    A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure throu... Read more

    Affected Products : ipxe
    • Published: Nov. 21, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-23258

    Microsoft Edge for Android Spoofing Vulnerability... Read more

    Affected Products : android edge edge_chromium
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-0359

    Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/.... Read more

    Affected Products : blog_cms
    • Published: Jan. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0474

    Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) at... Read more

    • Published: Jan. 29, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293695 Results