Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-1249

    Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.... Read more

    Affected Products : drupal feedapi_mapper
    • Published: Apr. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1287

    Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : subscriber_edge_services_manager
    • Published: Apr. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5599

    Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of t... Read more

    Affected Products : apex
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-1349

    Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter i... Read more

    Affected Products : musicbox
    • Published: Mar. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2721

    Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header.... Read more

    Affected Products : php_weblog
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-2591

    Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.... Read more

    Affected Products : emailarchitect_email_server
    • Published: Jun. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4645

    Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.... Read more

    Affected Products : dsl-2760u-e1
    • Published: Jun. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-2839

    Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php.... Read more

    Affected Products : md-pro
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3308

    Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter i... Read more

    Affected Products : zomplog
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-1342

    Cross-site scripting (XSS) vulnerability in the CCK comment reference module 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via certain comment titles associated with a node edit form.... Read more

    Affected Products : drupal cck_comment_reference
    • Published: Apr. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-3327

    Cross-site scripting (XSS) vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) sn20_special_cases parameter ("Special Cases" field) in profile/mini.php, (2) tyxx01_album_name para... Read more

    Affected Products : custom_dating_biz_dating_script
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-2669

    Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path dis... Read more

    Affected Products : phpchain
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-3319

    Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.... Read more

    Affected Products : php_icalendar
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-2694

    Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Express and WebLogic Server 6.1 through SP7, 7.0 through SP7, 8.1 through SP5, 9.0 GA, and 9.1 GA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : weblogic_server
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-3412

    Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.... Read more

    Affected Products : elite_forum
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-2680

    Cross-site scripting (XSS) vulnerability in the management interface in Canon Network Camera Server VB100 and VB101 with firmware 3.0 R69 and earlier, and VB150 with firmware 1.1 R39 and earlier, allows remote attackers to inject arbitrary web script or H... Read more

    • Published: May. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2724

    Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog allows remote attackers to inject arbitrary web script or HTML via the user parameter.... Read more

    Affected Products : fotolog
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-4516

    Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.... Read more

    Affected Products : bic_media_widget
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-2745

    Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter.... Read more

    Affected Products : webmail
    • Published: May. 17, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-1977

    The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive inf... Read more

    Affected Products : android spmode_mail_android
    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293614 Results