Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-5411

    Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.... Read more

    Affected Products : spa941
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5428

    Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.... Read more

    Affected Products : umi_cms
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-1975

    Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters... Read more

    Affected Products : 1two
    • Published: Jun. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-10218

    Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with netw... Read more

    Affected Products : hospitality_guest_access
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-2989

    Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter.... Read more

    Affected Products : twit_bbs
    • Published: Sep. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-10132

    Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/iOS). The supported version that is affected is 1.05. Easily exploitable vulnerability allows low privileged attacker with network access via ... Read more

    Affected Products : hospitality_hotel_mobile
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2005-2167

    Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter.... Read more

    Affected Products : plague_news_system
    • Published: Jul. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-2177

    Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to... Read more

    Affected Products : cognos_business_intelligence
    • Published: Mar. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1881

    Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521.... Read more

    Affected Products : img-bbs
    • Published: Jun. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0541

    Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.... Read more

    Affected Products : simple_forum
    • Published: Feb. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3781

    Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : gbrowse
    • Published: Aug. 26, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-1725

    IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM)... Read more

    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-1501

    ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-10008

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low pr... Read more

    Affected Products : flexcube_private_banking
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-4515

    Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.... Read more

    Affected Products : anyfont
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4579

    Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : wp_appointments_schedules
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4661

    Cross-site scripting (XSS) vulnerability in HP Records Manager before 7.3.5 and 8.x before 8.1 Patch 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : records_manager
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1647

    Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web scri... Read more

    Affected Products : drupal mediafront
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2003-1278

    Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.... Read more

    Affected Products : opentopic
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-4853

    Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.... Read more

    Affected Products : opendocman
    • Published: Jul. 10, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294299 Results