Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-1040

    Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php.... Read more

    Affected Products : vbulletin
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-0651

    Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Form... Read more

    Affected Products : mailenable_professional
    • Published: Feb. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4870

    Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the... Read more

    Affected Products : db2
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-3715

    Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote ... Read more

    Affected Products : typo3
    • Published: Oct. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-1500

    The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.... Read more

    Affected Products : linux
    • Published: Mar. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-1146

    Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.... Read more

    Affected Products : cvstrac
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-14628

    An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.... Read more

    Affected Products : fedora samba
    • Published: Jan. 17, 2023
    • Modified: Jan. 22, 2025

  • 4.3

    MEDIUM
    CVE-2006-0524

    Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : ashnews
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-1897

    Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerab... Read more

    Affected Products : forefront_unified_access_gateway
    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-3121

    Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : centreware_web
    • Published: Jul. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0070

    Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : application_server
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2002-1845

    Cross-site scripting (XSS) vulnerability in index.php in Yet Another Bulletin Board (YaBB) 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password (passwrd) parameter.... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4501

    MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Exp... Read more

    Affected Products : mediawiki
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-3697

    The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of... Read more

    Affected Products : freeradius
    • Published: Oct. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-1494

    Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.... Read more

    Affected Products : html_os
    • Published: Apr. 02, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-22009

    Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with n... Read more

    Affected Products : self-service_human_resources
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1712

    The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potent... Read more

    Affected Products : firefox seamonkey
    • Published: Apr. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1872

    Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string... Read more

    Affected Products : coldfusion
    • Published: Aug. 18, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2002-1802

    Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news.... Read more

    Affected Products : xoops
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1195

    Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.... Read more

    Affected Products : ht_check
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results