Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3809

    Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote attackers to cause a denial of service (crash) via a long string in a .sgp playlist file.... Read more

    Affected Products : mp3_audio_mixer
    • Published: Oct. 27, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4062

    Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal printfriendly
    • Published: Nov. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4772

    Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive informa... Read more

    Affected Products : drupal ubercart
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-10971

    Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission.... Read more

    Affected Products : devolutions_server
    • Published: Nov. 12, 2024
    • Modified: Jun. 27, 2025

  • 4.3

    MEDIUM
    CVE-2009-3914

    Cross-site scripting (XSS) vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation.... Read more

    Affected Products : drupal temporary_invitation
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-10852

    The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the buy_one_click_export_options AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authe... Read more

    Affected Products : buy_one_click_woocommerce
    • Published: Nov. 13, 2024
    • Modified: Nov. 13, 2024

  • 4.3

    MEDIUM
    CVE-2009-3012

    Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting ... Read more

    Affected Products : firefox
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-2324

    Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the searchtype or searchterm parameters to (1) results.php or (2) categorysearch.php.... Read more

    Affected Products : clever_copy
    • Published: Jul. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-4995

    Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the ... Read more

    Affected Products : smartertrack
    • Published: Aug. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0432

    Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStore... Read more

    Affected Products : ofbiz
    • Published: Apr. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3764

    Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : opensso_enterprise
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4976

    Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CV... Read more

    Affected Products : konqueror kwebkitpart
    • Published: Aug. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3152

    Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view... Read more

    Affected Products : bbs_e-market
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2823

    The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0326

    Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 devlog devlog
    • Published: Jan. 15, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4937

    Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.... Read more

    Affected Products : small_pirate
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-2665

    Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : fedora cacti
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4400

    Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 ste_parish_admin
    • Published: Dec. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4924

    Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.... Read more

    Affected Products : python-cjson
    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-4317

    Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action.... Read more

    Affected Products : ez_cart
    • Published: Dec. 14, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293507 Results