Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-2503

    Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka... Read more

    Affected Products : splunk
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4573

    Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus (mod_joomulus) module 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the tagcloud parameter in a tags action to (1) tagcloud_ell.swf, (2) tagcloud_eng.s... Read more

    Affected Products : joomla mod_joomulus
    • Published: Jan. 06, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0365

    Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.... Read more

    Affected Products : bits_video_script
    • Published: Jan. 21, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1361

    Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.... Read more

    Affected Products : phpeppershop
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4590

    Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : base
    • Published: Jan. 07, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0641

    Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.... Read more

    Affected Products : collaboration_server
    • Published: Feb. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4939

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin actio... Read more

    Affected Products : adpeeps
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4882

    Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ZoneCheck 2.0.4-13 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the ns parameter to zc.cgi.... Read more

    Affected Products : zonecheck
    • Published: Jun. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1367

    Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the pr... Read more

    Affected Products : fan_club
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-0141

    Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : chrome edge_chromium
    • Published: Jan. 10, 2023
    • Modified: Mar. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-2509

    Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.... Read more

    Affected Products : web_template_software
    • Published: Jun. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4681

    Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.... Read more

    Affected Products : phpdirectorysource
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4649

    Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 allow remote attackers to inject arbitrary web script or HTML via the postatoda parameter to (1) rispondi.php and (2) scrivi.php, which is not properly handled in forum.php.... Read more

    Affected Products : geccbblite
    • Published: Feb. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0636

    Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php... Read more

    Affected Products : webcalendar webcalendar
    • Published: Feb. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4767

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third... Read more

    Affected Products : shoutbox
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0446

    Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmware before 1.6.0.0, when using a web-connected configuration, allows remote attackers to obtain sensitive information via unknown vectors.... Read more

    Affected Products : dreamscreen
    • Published: Feb. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0455

    Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.... Read more

    Affected Products : punbb
    • Published: Jan. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4601

    Cross-site scripting (XSS) vulnerability in basic_search_result.php in Zeeways ZeeJobsite 3x allows remote attackers to inject arbitrary web script or HTML via the title parameter.... Read more

    Affected Products : zeejobsite
    • Published: Jan. 12, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0475

    Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.... Read more

    Affected Products : firewall
    • Published: May. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-5715

    The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via u... Read more

    Affected Products : wordpress
    • Published: May. 22, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293620 Results