Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-1238

    Session fixation vulnerability in SENCHA SNS before 1.0.2 allows remote attackers to hijack web sessions via unspecified vectors.... Read more

    Affected Products : sencha_sns
    • Published: Apr. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5040

    Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.... Read more

    Affected Products : biznis_heroj
    • Published: Dec. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5024

    Cross-site scripting (XSS) vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter.... Read more

    Affected Products : mailman
    • Published: Dec. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-3056

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with ... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-5025

    Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node par... Read more

    Affected Products : yaws
    • Published: Dec. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-39999

    Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through... Read more

    Affected Products : fedora wordpress
    • Published: Oct. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-4950

    Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML ... Read more

    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4918

    Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elx... Read more

    Affected Products : elxis_cms
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1245

    Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI.... Read more

    Affected Products : osqa
    • Published: Apr. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4887

    Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username f... Read more

    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1240

    Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : dokodemo_rikunabi_2013
    • Published: Apr. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-1428

    An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package reque... Read more

    Affected Products : gitlab
    • Published: May. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1303

    Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash 1 allow remote attackers to inject arbitrary web script or HTML via the (1) data_file or (2) settings_file parameter to ampie.swf; the message element in the chart_data parameter to (3)... Read more

    Affected Products : flash
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1290

    Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp in the Internet Sales (crm.b2b) module in SAP NetWeaver 7.0 allows remote attackers to inject arbitrary web script or HTML via the _loadPage parameter.... Read more

    Affected Products : netweaver
    • Published: Feb. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1451

    The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved2 field. NOTE: this may later be SPLIT into multip... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4852

    The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attack... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4909

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/contr... Read more

    Affected Products : joomla\! joomla
    • Published: Oct. 07, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4926

    Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : wordpress adminimize
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4848

    The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in c... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4897

    Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.... Read more

    Affected Products : tor tor
    • Published: Dec. 23, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294848 Results