Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-3607

    Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPS... Read more

    Affected Products : banner_exchange
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-0315

    Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors relat... Read more

    Affected Products : websphere_application_server
    • Published: Jan. 12, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3564

    Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (... Read more

    Affected Products : hivemail
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-0471

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script... Read more

    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3558

    Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is disp... Read more

    Affected Products : auracms
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-6225

    An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.... Read more

    Affected Products : email_encryption_gateway
    • Published: Mar. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0588

    Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.... Read more

    Affected Products : iphone_os
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0590

    Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.... Read more

    Affected Products : iphone_os
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3539

    Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com Dragon's Kingdom Script 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) Subject and (2) Message fi... Read more

    Affected Products : dragons_kingdom_script
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-6581

    Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary st... Read more

    Affected Products : request_tracker
    • Published: Jul. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-3764

    The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenti... Read more

    Affected Products : woocommerce_pdf_invoice_builder
    • Published: Aug. 31, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-1701

    The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attacker... Read more

    Affected Products : chrome
    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-2544

    Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.... Read more

    Affected Products : cacti
    • Published: Aug. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-8723

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specia... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2006-3191

    Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter.... Read more

    Affected Products : mpcs
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3156

    Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter.... Read more

    Affected Products : ultimate_eshop
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-4414

    Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form.... Read more

    Affected Products : enterprise_mrg enterprise_mrg
    • Published: Dec. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-4785

    Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section.... Read more

    Affected Products : quickblogger
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-6068

    Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-3149

    Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.... Read more

    Affected Products : phpmyforum
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293608 Results