Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-4147

    Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x before 5.x-3.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an attached file that has a modified ... Read more

    Affected Products : mailsave
    • Published: Sep. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4571

    Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third p... Read more

    Affected Products : myezshop_shopping_cart
    • Published: Dec. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-10489

    CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-10496

    CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4487

    Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter.... Read more

    Affected Products : r1_cms
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-10503

    CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-10485

    CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-10500

    CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-10480

    CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new category via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4491

    Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) Cl... Read more

    Affected Products : sitekit_cms
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-10484

    CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a custom field via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2411

    The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javasc... Read more

    Affected Products : vp-asp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-10321

    The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.4 in elements/advanced-tab/template/view.php. This makes it possible for authenticated attackers... Read more

    Affected Products : all-in-one_addons_for_elementor
    • Published: Mar. 08, 2025
    • Modified: Mar. 13, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2005-4483

    Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.... Read more

    Affected Products : siteenable
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4489

    Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) type and (2) count parameters, and (3) the query string in a story.... Read more

    Affected Products : scoop
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4512

    Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.... Read more

    Affected Products : waxtrapp
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4407

    Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.... Read more

    Affected Products : mercury_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-10492

    CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article template via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-10486

    CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a comment via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4381

    Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.... Read more

    Affected Products : caravel_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293673 Results