Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-13883

    The WPUpper Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.51. This is due to missing or incorrect nonce validation on the 'save_custom_css_request' function. This makes it possible f... Read more

    • Published: Feb. 21, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2011-2383

    Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL th... Read more

    Affected Products : internet_explorer ie
    • Published: Jun. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3063

    Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : chrome
    • Published: Mar. 30, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2742

    Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-1246

    Microsoft Internet Explorer 8 does not properly handle content settings in HTTP responses, which allows remote web servers to obtain sensitive information from a different (1) domain or (2) zone via a crafted response, aka "MIME Sniffing Information Discl... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1224

    IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue m... Read more

    Affected Products : websphere_mq
    • Published: Jul. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-13873

    The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.8 via the deleteUserPhoto() function due to missing validat... Read more

    Affected Products : wp_job_portal
    • Published: Feb. 22, 2025
    • Modified: Mar. 11, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2009-3266

    Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or c... Read more

    Affected Products : opera_browser
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-4966

    Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.... Read more

    Affected Products : netvolution
    • Published: Oct. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4949

    Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified win... Read more

    Affected Products : joomla\! freichat freichatpure
    • Published: Oct. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4960

    Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 mh_branchenbuch
    • Published: Oct. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-0870

    Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template... Read more

    Affected Products : phpsysinfo
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-0203

    Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2369

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.... Read more

    Affected Products : firefox
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2408

    Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2400

    Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sitescope
    • Published: Jul. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2342

    The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4567

    Cross-site scripting (XSS) vulnerability in includes/templates/template_default/templates/tpl_gv_send_default.php in Zen Cart before 1.5 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a gv_send action to index.... Read more

    Affected Products : zen_cart
    • Published: Nov. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2482

    LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-... Read more

    Affected Products : libtiff
    • Published: Jul. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2624

    Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application hang) via a large table, which is not properly handled during a print preview.... Read more

    Affected Products : opera_browser
    • Published: Jul. 01, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293544 Results