Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-6623

    The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather than transitive dependency order, for layout.... Read more

    Affected Products : chrome
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-4428

    Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.... Read more

    Affected Products : cerberus_helpdesk
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-4065

    lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted OGG file, aka trac Changeset 13217.... Read more

    Affected Products : libvorbis
    • Published: Sep. 21, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5798

    Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1)... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-6359

    Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.... Read more

    Affected Products : munin
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-4305

    Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.... Read more

    Affected Products : trac
    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-5809

    Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-stat... Read more

    • Published: Nov. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4238

    Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.... Read more

    Affected Products : mantis
    • Published: Dec. 14, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-5796

    Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revoca... Read more

    Affected Products : proxysg proxysg_firmware proxysg
    • Published: Nov. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-6626

    The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an interstitial warning, which allows remote attackers to spo... Read more

    Affected Products : chrome
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-4542

    Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in... Read more

    Affected Products : mapserver
    • Published: Aug. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-5061

    An issue has been discovered in GitLab affecting all versions starting from 9.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. In certain situations, it may have been possible for developers to... Read more

    Affected Products : gitlab
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5190

    Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default U... Read more

    Affected Products : omnivista
    • Published: Oct. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-27465

    Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed in... Read more

    Affected Products : xen
    • Published: Jul. 16, 2025
    • Modified: Jul. 17, 2025
    • Vuln Type: Memory Corruption

  • 4.3

    MEDIUM
    CVE-2019-14727

    In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail password of a victim account via an attacker account.... Read more

    Affected Products : webpanel
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-2438

    Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value.... Read more

    Affected Products : usebb
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-19004

    A biWidth*biBitCnt integer overflow in input-bmp.c in autotrace 0.31.1 allows attackers to provide an unexpected input value to malloc via a malformed bitmap image.... Read more

    Affected Products : fedora autotrace
    • Published: Feb. 11, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-5478

    Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : debian_linux chrome edge_chromium
    • Published: Oct. 11, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-6346

    Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rainboard
    • Published: Dec. 13, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5649

    Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative Digital Resources SocketMail 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the lost_id parameter.... Read more

    Affected Products : socketmail
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293948 Results