Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-39993

    Missing Authorization vulnerability in Wpmet Elements kit Elementor addons.This issue affects Elements kit Elementor addons: from n/a through 2.9.0.... Read more

    Affected Products : elements_kit_elementor_addons
    • Published: Jun. 19, 2024
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-3140

    Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user ... Read more

    Affected Products : business_hub
    • Published: Jun. 07, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2660

    Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of cha... Read more

    Affected Products : mac_os_x opera_browser windows unix
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6220

    Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : network_node_manager_i
    • Published: May. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3267

    Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : joomla\!
    • Published: May. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-5626

    Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the ... Read more

    • Published: Oct. 31, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-6068

    Object lifecycle issue in Chrome Custom Tab in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-3137

    Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter.... Read more

    Affected Products : edge_ecommerce_shop
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0506

    Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.... Read more

    Affected Products : nuked-klan
    • Published: Feb. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2003

    Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community Architect Guestbook allows remote attackers to inject arbitrary web script or HTML by signing the guestbook, which is displayed by fsguestbook.html. NOTE: the provenance of this infor... Read more

    Affected Products : community_architect_guestbook
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-2025

    Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows ... Read more

    Affected Products : struts opensuse suse_linux
    • Published: Apr. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-2001

    Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this is a different vulnerability than the directory traversal vector.... Read more

    Affected Products : scry_gallery
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-0005

    mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.... Read more

    Affected Products : ubuntu_linux fedora http_server
    • Published: Jan. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-3047

    Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.... Read more

    Affected Products : phpmyfaq
    • Published: Sep. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1802

    Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter.... Read more

    Affected Products : tinywebgallery
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2963

    Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter.... Read more

    Affected Products : cabacos_web_cms
    • Published: Jun. 12, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-6522

    The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.... Read more

    Affected Products : opera_browser
    • Published: Dec. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4024

    Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : fastfind
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1775

    Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_g... Read more

    Affected Products : phpbb
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-33510

    An improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version... Read more

    Affected Products : fortios fortiproxy
    • Published: Nov. 12, 2024
    • Modified: Jan. 17, 2025
Showing 20 of 293648 Results