Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-6449

    The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client.... Read more

    Affected Products : openssl
    • Published: Dec. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2215

    Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.... Read more

    • Published: Aug. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2229

    Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : moodle
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3137

    Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter.... Read more

    Affected Products : edge_ecommerce_shop
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3129

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC LinkList 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) view parameters.... Read more

    Affected Products : nc_linklist
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-6048

    Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.... Read more

    • Published: Sep. 25, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8631

    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.... Read more

    Affected Products : firefox seamonkey
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-4421

    Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.... Read more

    Affected Products : yapig
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3138

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action paramete... Read more

    Affected Products : phpmydirectory
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3079

    Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.... Read more

    Affected Products : sspwiz_plus
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-1762

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAR... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3060

    Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page... Read more

    Affected Products : p.a.i.d
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-9721

    libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.... Read more

    Affected Products : libzmq zeromq
    • Published: Jun. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-1639

    The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.... Read more

    Affected Products : clamav
    • Published: May. 26, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3131

    Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) site... Read more

    Affected Products : clubpage
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3049

    Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) ph... Read more

    Affected Products : mole_group_ticket_booking_script
    • Published: Jun. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-1395

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor ... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1374

    Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.... Read more

    Affected Products : mac_os_x mac_os_x_server aim
    • Published: Jun. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-4440

    A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.... Read more

    Affected Products : itunes iphone_os safari icloud windows
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-3030

    Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping Cart 1.1.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ToCategory and (2) FromCategory parameters to (a) ProductDetailsForm.asp and (3) UserNa... Read more

    Affected Products : dwzone_shopping_cart
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294533 Results