Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-8616

    Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.... Read more

    Affected Products : fortios
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2471

    Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerab... Read more

    Affected Products : xml_core_services
    • Published: Aug. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-2153

    Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.... Read more

    Affected Products : directadmin
    • Published: May. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-3189

    Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.... Read more

    Affected Products : digioz_guestbook
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4171

    An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long a... Read more

    Affected Products : messenger
    • Published: Dec. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-4489

    libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.... Read more

    Affected Products : chrome
    • Published: Dec. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4185

    Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in HP System Management Homepage (SMH) before 6.0 allows remote attackers to inject arbitrary web script or HTML via the servercert parameter.... Read more

    Affected Products : system_management_homepage
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3201

    Integer overflow in Media Player Classic 6.4.9 allows user-assisted remote attackers to cause a denial of service (application crash) via a MIDI file (.mid) with a malformed header, which triggers a buffer overflow, a different vulnerability than CVE-2007... Read more

    Affected Products : media_player_classic
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2032

    Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, when downloaded before 20070308, allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : pdshoppro
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3196

    Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.... Read more

    Affected Products : php_video_script
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3167

    Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.... Read more

    Affected Products : gazelle_cms
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4692

    Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.... Read more

    Affected Products : radlance
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4168

    Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as used in the WP-Cumulus plugin before 1.23 for WordPress and the Joomulus module 2.0 and earlier for Joomla!, allows remote attackers to inject arbitrary web script or HTML via the tagc... Read more

    Affected Products : wordpress wp-cumulus
    • Published: Dec. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4685

    Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.... Read more

    Affected Products : astrology
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3271

    Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.... Read more

    Affected Products : iphone_os safari
    • Published: Sep. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3195

    Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.... Read more

    Affected Products : auction_rss_content_script
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-2084

    Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 Pro and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) month and (2) year parameters in (a) index.php, and the (3) mod parameter in (b) admin.php.... Read more

    Affected Products : farsinews
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-4686

    Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter.... Read more

    Affected Products : adquick
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-10852

    The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authe... Read more

    Affected Products : buy_one_click_woocommerce
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 4.3

    MEDIUM
    CVE-2009-3914

    Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.... Read more

    Affected Products : drupal temporary_invitation
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294270 Results