Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-0581

    Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.... Read more

    Affected Products : firefox gimp openjdk little_cms openjdk
    • Published: Mar. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0727

    Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789.... Read more

    Affected Products : security_manager
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-6465

    Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.... Read more

    Affected Products : h-sphere
    • Published: Mar. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4607

    Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters.... Read more

    Affected Products : bugport
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-0575

    Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject ar... Read more

    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6297

    Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters.... Read more

    Affected Products : dhcart
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6295

    Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the ... Read more

    Affected Products : camera_life
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6343

    Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 tu-clausthal_odin
    • Published: Feb. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6359

    Cross-site scripting (XSS) vulnerability in index.php in Max's Guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) message parameters.... Read more

    Affected Products : max\'s_guestbook
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6267

    Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.... Read more

    Affected Products : multi_languages_webshop_online
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6278

    Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.... Read more

    Affected Products : rakhisoftware_shopping_cart
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6248

    Cross-site scripting (XSS) vulnerability in all.php in Galatolo WebManager 1.3a and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter.... Read more

    Affected Products : galatolo_webmanager
    • Published: Feb. 23, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6280

    Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.... Read more

    Affected Products : wrt160n
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6306

    Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained s... Read more

    Affected Products : classifieds_script
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6259

    Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter.... Read more

    Affected Products : q-shop
    • Published: Feb. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1796

    Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.... Read more

    Affected Products : java_system_portal_server
    • Published: May. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6275

    Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.... Read more

    Affected Products : joomla\! user_karma_module
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1700

    The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a ... Read more

    Affected Products : iphone_os safari ipod_touch
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6212

    Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats 0.1.9.1 allows remote attackers to inject arbitrary web script or HTML via the (1) sel_mese and (2) sel_anno parameters in a systems action. NOTE: the provenance of this information is unk... Read more

    Affected Products : php-stats
    • Published: Feb. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-6208

    Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS 0.7.11 allows remote attackers to inject arbitrary web script or HTML via the (1) author_name, (2) itemtitle, and (3) item parameters. NOTE: the provenance of this information is unkn... Read more

    Affected Products : e107
    • Published: Feb. 20, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293505 Results