Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-4502

    js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site.... Read more

    Affected Products : firefox
    • Published: Sep. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2982

    Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input... Read more

    Affected Products : photo_gallery_cms_free
    • Published: Aug. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2967

    Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : cacti
    • Published: Jul. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2973

    Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to (1) classes/usceshop.class.php, (2) includes/edit-form-a... Read more

    Affected Products : welcart welcart_e-commerce
    • Published: Jul. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-5000

    EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in ... Read more

    Affected Products : rsa_archer_egrc
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2008-1947

    Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.... Read more

    Affected Products : tomcat
    • Published: Jun. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-2960

    Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Jun. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-6489

    Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML... Read more

    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-2941

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.ph... Read more

    Affected Products : mediawiki
    • Published: Apr. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2932

    Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.... Read more

    Affected Products : mediawiki
    • Published: Apr. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4519

    Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an imag... Read more

    Affected Products : firefox firefox_esr
    • Published: Sep. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2917

    Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via... Read more

    • Published: Sep. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2002-1060

    Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a n... Read more

    Affected Products : cacheos
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0675

    Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters.... Read more

    Affected Products : zorum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0606

    Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) ... Read more

    Affected Products : cubecart
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-2938

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing t... Read more

    Affected Products : mediawiki
    • Published: Apr. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4518

    The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors... Read more

    Affected Products : firefox
    • Published: Nov. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2969

    Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter.... Read more

    Affected Products : simple_oekaki_bbs
    • Published: Jul. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-0386

    Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages.... Read more

    Affected Products : mailreader.com
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-5418

    Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow authenticated users having only the "cloud_controller.read" scope, but no roles in any spaces, to list all droplets in all spaces (whereas they should see none).... Read more

    Affected Products : capi-release cf-deployment
    • Published: Sep. 03, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293357 Results