Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-2400

    Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sitescope
    • Published: Jul. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3383

    Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via t... Read more

    Affected Products : tomcat
    • Published: Jul. 25, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-3200

    MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_... Read more

    Affected Products : word
    • Published: Sep. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2004-2624

    Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.... Read more

    Affected Products : wackowiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-1171

    The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.... Read more

    Affected Products : moodle
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-15594

    An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network se... Read more

    • Published: Sep. 30, 2020
    • Modified: May. 30, 2025

  • 4.3

    MEDIUM
    CVE-2013-0793

    Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers... Read more

    • Published: Apr. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-8736

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to o... Read more

    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2011-0687

    Opera before 11.01 does not properly implement Wireless Application Protocol (WAP) dropdown lists, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted WAP document.... Read more

    Affected Products : opera_browser
    • Published: Jan. 31, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4114

    Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4109

    Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file.... Read more

    Affected Products : palm_webos
    • Published: Dec. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-1192

    A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwis... Read more

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-0613

    Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/Wi... Read more

    Affected Products : robohelp_server robohelp
    • Published: May. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4523

    Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : advantech_webaccess
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4667

    Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : coppermine_photo_gallery
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-25165

    Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address ... Read more

    Affected Products : helm
    • Published: Feb. 08, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-13405

    The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenti... Read more

    Affected Products : apptivo_business_site_crm
    • Published: Feb. 19, 2025
    • Modified: Feb. 19, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2011-3010

    Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or ... Read more

    Affected Products : twiki
    • Published: Sep. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4207

    Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets... Read more

    Affected Products : moodle bugzilla yui
    • Published: Nov. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4214

    The Wells Fargo Mobile application 1.1 for Android stores a username and password, along with account balances, in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data.... Read more

    Affected Products : android wells_fargo_mobile
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 292815 Results