Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-23081

    In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.... Read more

    Affected Products : openlibrary
    • Published: Jun. 22, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-20088

    A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.... Read more

    Affected Products : atahualpa
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-4726

    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 1... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Feb. 26, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1954

    Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.... Read more

    Affected Products : phprofession
    • Published: Apr. 21, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2094

    Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which cause... Read more

    Affected Products : one_web_server
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-2527

    Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to in... Read more

    • Published: Jun. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4299

    Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.... Read more

    Affected Products : atlant_pro
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4242

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.... Read more

    Affected Products : turba_h3
    • Published: Dec. 14, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-2965

    Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : scopia
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-6785

    A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration... Read more

    Affected Products : unified_communications_manager
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-4884

    Media Player Classic (MPC) allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.... Read more

    Affected Products : media_player_classic
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6572

    Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.... Read more

    • Published: Dec. 28, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-2952

    IBM BigFix Remote Control before 9.1.3 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.... Read more

    Affected Products : bigfix_remote_control
    • Published: Nov. 30, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7320

    Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : appointment_booking_calendar
    • Published: Sep. 29, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-0198

    Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.... Read more

    Affected Products : xoops_pool_module
    • Published: Jan. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-2802

    Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter.... Read more

    Affected Products : rm_easymail_plus
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-0180

    Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags.... Read more

    Affected Products : calogic_calendars
    • Published: Jan. 12, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0334

    Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only pub... Read more

    Affected Products : my_amazon_store_manager
    • Published: Jan. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0245

    Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field... Read more

    Affected Products : cubecart
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-0573

    Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.... Read more

    Affected Products : fotoweb
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293414 Results