Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-0472

    Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.... Read more

    Affected Products : my_little_guestbook
    • Published: Jan. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-2887

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with... Read more

    Affected Products : weblogic_server
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-2593

    Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.... Read more

    Affected Products : application_server
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3740

    Cross-site scripting (XSS) vulnerability in the output filter in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-3451

    Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.... Read more

    Affected Products : cxf
    • Published: Sep. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-2861

    Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) button parameters to ansFAQ.asp and the (3) id and (4) txtEmail ... Read more

    Affected Products : site_composer
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2855

    Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : ownrs
    • Published: Jun. 25, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2911

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Contenido 4.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) contenido, (2) Belang, and (3) username parameters.... Read more

    Affected Products : contendio
    • Published: Jun. 30, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-10945

    Centreon before 19.10.7 exposes Session IDs in server responses.... Read more

    Affected Products : centreon widget-host-monitoring
    • Published: May. 27, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-2344

    Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : air_filemanager
    • Published: May. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-0978

    Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and ... Read more

    Affected Products : argosoft_mail_server
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-3404

    Cross-site scripting (XSS) vulnerability in guestbook.js.php in MJGuest 6.8 GT allows remote attackers to inject arbitrary web script or HTML via the link parameter.... Read more

    Affected Products : mjguest
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1445

    The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT i... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-0699

    Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : qwikiwiki
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-2766

    Cross-site scripting (XSS) vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) admin/search.asp and (2) gallery.asp.... Read more

    Affected Products : absolute_image_gallery_xe
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2557

    Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages.... Read more

    Affected Products : cre_loaded
    • Published: Jun. 05, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2578

    Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors.... Read more

    Affected Products : weblogic_server
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2333

    Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more

    Affected Products : barracuda_spam_firewall
    • Published: May. 23, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2975

    Cross-site scripting (XSS) vulnerability in admin/objects/obj_image.php in TinX/cms 1.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.... Read more

    Affected Products : tinx_cms
    • Published: Jul. 02, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2566

    Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI.... Read more

    Affected Products : php-address_book
    • Published: Jun. 06, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293589 Results