Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-4234

    Cross-site scripting (XSS) vulnerability in loginpages/error_user.shtml on the Micronet Network Access Controller SP1910 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : network_access_controller_sp1910
    • Published: Dec. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4093

    Multiple cross-site scripting (XSS) vulnerabilities in comments.php in Simplog 0.9.3.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cname (Name) or (2) email parameters.... Read more

    Affected Products : simplog
    • Published: Nov. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-4893

    Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.... Read more

    Affected Products : festos
    • Published: Oct. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4877

    Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the view parameter.... Read more

    Affected Products : onecms
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3025

    Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as r... Read more

    Affected Products : open_blog
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-0118

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-0936

    Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.... Read more

    Affected Products : dkvm-ip8
    • Published: Mar. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0940

    Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : simple_php_guestbook
    • Published: Mar. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4960

    Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 mh_branchenbuch
    • Published: Oct. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2408

    Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1367

    Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the pr... Read more

    Affected Products : fan_club
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4947

    Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.... Read more

    Affected Products : allpc
    • Published: Oct. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4873

    Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 P1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : webid
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4874

    Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) msn, or (4) aim parameter.... Read more

    Affected Products : ninkobb
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-8033

    Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low... Read more

    Affected Products : chrome windows edge_chromium
    • Published: Aug. 21, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2010-2457

    Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter.... Read more

    Affected Products : k-search
    • Published: Jun. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1371

    Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter.... Read more

    Affected Products : pre_classified_listings_asp
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1391

    Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to creat... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1373

    Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1393

    The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a red... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293634 Results