Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-10092

    The Download Monitor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handle_api_key_actions function in all versions up to, and including, 5.0.12. This makes it possible for authenticat... Read more

    Affected Products :
    • Published: Oct. 26, 2024
    • Modified: Oct. 28, 2024

  • 4.3

    MEDIUM
    CVE-2004-1807

    Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL.... Read more

    Affected Products : cfwebstore
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1825

    Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters.... Read more

    Affected Products : mambo_open_source
    • Published: Mar. 16, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1617

    Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is... Read more

    Affected Products : advanced_poll
    • Published: Apr. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1789

    Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.... Read more

    Affected Products : zywall10
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2288

    Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.... Read more

    Affected Products : phpcounter
    • Published: Jul. 18, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2332

    Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allows remote attackers to inject arbitrary web script or HTML via the username parameter to (1) admin.php or (2) login.php.... Read more

    Affected Products : phppageprotect
    • Published: Jul. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2430

    Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to det... Read more

    Affected Products : gforge
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2338

    Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in ... Read more

    Affected Products : xoops
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2545

    Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, ... Read more

    Affected Products : phpopenchat
    • Published: Aug. 10, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1312

    siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.... Read more

    Affected Products : siteminder
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1623

    Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and... Read more

    Affected Products : flexible_development
    • Published: Apr. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-5181

    Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 through 5.5.2.1 and concrete5 English 5.5.0 through 5.6.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : concrete5
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-2339

    Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : unicode_msearch
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-8550

    An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A user’s video may not be paused in a FaceTime call if they exit the FaceTime app while the ... Read more

    Affected Products : macos mac_os_x iphone_os watchos
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-2402

    Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : phpsitesearch
    • Published: Jul. 27, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2539

    Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) ... Read more

    Affected Products : flatnuke
    • Published: Aug. 10, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2560

    Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : cfbb
    • Published: Aug. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1679

    Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php.... Read more

    Affected Products : jupiter_cms
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3411

    Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method.... Read more

    Affected Products : snitz_forums_2000
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293654 Results