Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-4409

    The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it possible for... Read more

    Affected Products : woocommerce_etsy_integration
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2869

    The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated atta... Read more

    Affected Products : wp-members wp-members
    • Published: Jul. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-4714

    Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.... Read more

    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-2091

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2011-0158

    MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.... Read more

    Affected Products : iphone_os
    • Published: Mar. 11, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4408

    Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2) url tags, which are n... Read more

    Affected Products : pyforum pyforum
    • Published: Dec. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-4822

    core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.... Read more

    Affected Products : silverstripe
    • Published: Sep. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-7280

    Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.... Read more

    Affected Products : hanso_player
    • Published: Jan. 08, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3101

    Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco Secure ACS for UNIX 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) error, (2) SSL, and (3) Ok parameters.... Read more

    Affected Products : secure_access_control_server
    • Published: Jun. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-5503

    Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : simple_machines_forum
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-8926

    IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539.... Read more

    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2009-2778

    Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : garagesales_script
    • Published: Aug. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1442

    The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3672

    Cross-site scripting (XSS) vulnerability in ecrire/tools.php in DotClear 1.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified form fields on the blogroll page.... Read more

    Affected Products : dotclear
    • Published: Jul. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-3423

    Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote a... Read more

    • Published: Sep. 19, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-5477

    Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.... Read more

    • Published: Oct. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3057

    Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.... Read more

    Affected Products : beex
    • Published: Sep. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2785

    Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.... Read more

    Affected Products : php_open_classifieds_script
    • Published: Aug. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2527

    Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to in... Read more

    • Published: Jun. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4774

    Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.... Read more

    Affected Products : questcms
    • Published: Oct. 28, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293360 Results