Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-47820

    Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0.... Read more

    Affected Products : wp_like_button
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2007-1905

    Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "&l... Read more

    Affected Products : quizshock
    • Published: Apr. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-2466

    Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: May. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5051

    Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter ... Read more

    Affected Products : phpgedview
    • Published: Sep. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-40730

    Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free that allow a remote attacker to disclose sensitive information on affected i... Read more

    • Published: Oct. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2468

    Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: May. 03, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1395

    Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an upper... Read more

    Affected Products : phpmyadmin
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-49674

    A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password.... Read more

    Affected Products : neuvector_vulnerability_scanner
    • Published: Nov. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5033

    Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action.... Read more

    Affected Products : phpbb_xs
    • Published: Sep. 21, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-10322

    A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtain... Read more

    Affected Products : artifactory
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3276

    Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : siteatschool
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-0762

    A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5012

    Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. NOTE: the provenance of this information is unknown... Read more

    Affected Products : phpwebgallery
    • Published: Sep. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1248

    Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to (a) news.php, and the nid parameter to (b) rating.php.... Read more

    Affected Products : news_manager_blog
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3330

    Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to inject arbitrary web script or HTML via a news post, which is stored in news/ without sanitization.... Read more

    Affected Products : easynews
    • Published: Jun. 21, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3310

    Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows remote attackers to inject arbitrary web script or HTML via the ara parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party in... Read more

    Affected Products : tdizin
    • Published: Jun. 21, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-32795

    This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing.... Read more

    Affected Products : iphone_os ipados
    • Published: Sep. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-4532

    An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects whic... Read more

    Affected Products : gitlab
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3299

    Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.... Read more

    Affected Products : awffull
    • Published: Jun. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1871

    Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the login_name parameter to /stats/.... Read more

    Affected Products : chcounter
    • Published: Apr. 13, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293426 Results