Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-4755

    Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtai... Read more

    Affected Products : phpmydirectory
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4762

    Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test sui... Read more

    Affected Products : rssreader
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-3262

    Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter.... Read more

    Affected Products : wordpress download_monitor
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4973

    Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provenance of this information is unknown; the details are obta... Read more

    Affected Products : campsite
    • Published: Nov. 01, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-4797

    Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter.... Read more

    Affected Products : cj_tag_board
    • Published: Sep. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4923

    Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.... Read more

    Affected Products : esyndicat_portal_system
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-5516

    Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.... Read more

    Affected Products : wikini
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-3501

    Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the ... Read more

    Affected Products : groundwork_monitor
    • Published: May. 08, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-5599

    Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of t... Read more

    Affected Products : apex
    • Published: Oct. 28, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1175

    Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webapp
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7076

    Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.... Read more

    Affected Products : phpbb_advanced_guestbook
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7085

    Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.... Read more

    Affected Products : rigter_portal_system
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-2314

    Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL associated ... Read more

    Affected Products : ec-cube ec-cube
    • Published: May. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-7086

    The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow remote attackers to obtain sensitive information and download the database via a direct request with a modified dl parameter.... Read more

    Affected Products : hot_links
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1278

    Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a file... Read more

    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2910

    Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware phpThumb() 1.7.11 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter to demo/phpThumb.demo.random.php or (2) title parameter to demo/phpThumb.demo.sho... Read more

    Affected Products : phpthumb\(\)
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2904

    player.swf in LongTail JW Player 5.9 allows remote attackers to conduct cross-site scripting (XSS) attacks to inject arbitrary web script or HTML via multiple "javascript:" sequences in the debug parameter.... Read more

    Affected Products : jw_player
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-1508

    Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-5983.... Read more

    Affected Products : directadmin
    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2913

    Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-ad... Read more

    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2339

    Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "taxonomy information."... Read more

    Affected Products : drupal glossary
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293632 Results