Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-4453

    Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calend... Read more

    Affected Products : vbulletin
    • Published: Aug. 21, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-6102

    IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM Reference #: 2000... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2023-5519

    The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.... Read more

    Affected Products : eventprime
    • Published: Oct. 31, 2023
    • Modified: Apr. 23, 2025

  • 4.3

    MEDIUM
    CVE-2025-29705

    code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects.... Read more

    Affected Products : code-gen
    • Published: Apr. 15, 2025
    • Modified: Apr. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2007-6699

    Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) Fina... Read more

    Affected Products : ygp_piceditor_activex_control
    • Published: Feb. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1276

    Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6)... Read more

    Affected Products : bbsxp
    • Published: Apr. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0093

    Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.... Read more

    Affected Products : eticket
    • Published: Jan. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-4188

    traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving ... Read more

    Affected Products : plone
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-3328

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1, Maximo Asset Management Essentials 7.1, Tivoli Asset Management for IT 7.1 and 7.2, Tivoli Service Request Manager 7.1 and 7.2, and Change and Configuration Management Database (... Read more

    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0182

    Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.... Read more

    Affected Products : liferay_enterprise_portal
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4872

    Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solel... Read more

    Affected Products : itechbids
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-2434

    A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra, 1.0), SAP UI Implementation for Decoupled Innovations (U... Read more

    • Published: Jul. 10, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-3687

    Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to Participan... Read more

    Affected Products : conferencemanager
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0558

    Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional before 2.0.16 allows remote attackers to inject arbitrary web script or HTML via the rp parameter to cartView.asp and unspecified other components. NOTE: the provenance of this informa... Read more

    Affected Products : ecart_professional
    • Published: Feb. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6144

    Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3... Read more

    • Published: Feb. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-4154

    The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by th... Read more

    Affected Products : libvirt
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-4165

    The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 provides information about authentication failure upon detecting the first incorrect byte of a password, which makes it easier for remote attackers to determine passwords via a timing side-ch... Read more

    Affected Products : bitcoin_core bitcoind
    • Published: Aug. 02, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6200

    Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry.... Read more

    Affected Products : swiki
    • Published: Feb. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-4033

    Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to cause a denial of service via uns... Read more

    • Published: Dec. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-6571

    Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.4 might allow remote attackers to inject arbitrary web script or HTML via (1) new_images.php, (2) login.php, and unspecified vectors.... Read more

    Affected Products : linpha
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294335 Results