Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-4205

    The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authentic... Read more

    Affected Products : premium_addons_for_elementor
    • Published: May. 31, 2024
    • Modified: Jan. 15, 2025

  • 4.3

    MEDIUM
    CVE-2009-3014

    Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote ... Read more

    Affected Products : firefox seamonkey mozilla
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-3418

    Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php.... Read more

    Affected Products : car_portal
    • Published: Sep. 16, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4946

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) ... Read more

    Affected Products : groupware internet_mail_program
    • Published: Jul. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6969

    Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, which is not properly handled in a Reply link.... Read more

    Affected Products : serendipity
    • Published: Sep. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-1690

    The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in a... Read more

    Affected Products : terawallet
    • Published: Mar. 13, 2024
    • Modified: Feb. 05, 2025

  • 4.3

    MEDIUM
    CVE-2015-6416

    Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.... Read more

    • Published: Dec. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-34881

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou... Read more

    Affected Products : microstation view bentley_view
    • Published: Jan. 13, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-7776

    The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. System information is returned to the attacker that contains sensitive data.... Read more

    Affected Products : u.motion_builder
    • Published: Jul. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6029

    Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.... Read more

    Affected Products : nac_appliance
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4003

    Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : glpi
    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2078

    Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.... Read more

    Affected Products : drupal booktree
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-3828

    iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.... Read more

    Affected Products : iphone_os
    • Published: Nov. 26, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0195

    Cross-site scripting (XSS) vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Requ... Read more

    • Published: Mar. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2615

    Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.... Read more

    Affected Products : grafik_cms
    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-21243

    Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerabil... Read more

    Affected Products : primavera_portfolio_management
    • Published: Jan. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-39729

    IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 could allow an authenticated user to obtain sensitive information from source code that could be used in further attacks against the system. IBM X-Force ID: 295968.... Read more

    Affected Products : datacap datacap_navigator
    • Published: Jul. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-15326

    DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communic... Read more

    • Published: Mar. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-0641

    Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 paramet... Read more

    Affected Products : wordpress statpresscn
    • Published: Jan. 25, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-4135

    Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter.... Read more

    Affected Products : phpwind
    • Published: May. 28, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293412 Results