Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3015

    QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh h... Read more

    Affected Products : qtweb
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3858

    Cross-site scripting (XSS) vulnerability in GejoSoft allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI in photos/tags.... Read more

    Affected Products : gejosoft
    • Published: Nov. 04, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2992

    An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.... Read more

    Affected Products : acrobat acrobat_reader
    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4715

    Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.... Read more

    Affected Products : real_time_currency_exchange
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2913

    Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely f... Read more

    Affected Products : xzero_community_classifieds
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2928

    Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.... Read more

    Affected Products : tgs_content_management
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-0034

    The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.... Read more

    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-2995

    Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : acrobat
    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3948

    JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a denial of service (memory consumption and application crash) via a long string at the end of a .wav file.... Read more

    Affected Products : cowon_media_center-jetaudio
    • Published: Nov. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2959

    Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : buildbot
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2887

    Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.... Read more

    Affected Products : president_bios
    • Published: Aug. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0086

    Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-0855.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3901

    Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to home/index.asp and other unspecified vectors.... Read more

    Affected Products : e-courirer_cms
    • Published: Nov. 06, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0187

    Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.... Read more

    Affected Products : flash_player adobe_air
    • Published: Feb. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3003

    Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, w... Read more

    Affected Products : internet_explorer
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4534

    Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : drupal faq_ask
    • Published: Dec. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2945

    weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers ... Read more

    Affected Products : webauth
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2907

    Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Ente... Read more

    • Published: Mar. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4767

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third... Read more

    Affected Products : shoutbox
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0607

    Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.... Read more

    Affected Products : sam300_ax_router
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293559 Results