Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-3003

    Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, w... Read more

    Affected Products : internet_explorer
    • EPSS Score: %22.66
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2887

    Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.... Read more

    Affected Products : president_bios
    • EPSS Score: %0.30
    • Published: Aug. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2959

    Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : buildbot
    • EPSS Score: %0.47
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2995

    Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : acrobat
    • EPSS Score: %1.46
    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2928

    Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary web script or HTML via the previous_page parameter, a different vector than CVE-2008-6839.... Read more

    Affected Products : tgs_content_management
    • EPSS Score: %0.14
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2913

    Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely f... Read more

    Affected Products : xzero_community_classifieds
    • EPSS Score: %0.26
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2992

    An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 does not properly validate input, which allows attackers to cause a denial of service via unknown vectors.... Read more

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %2.15
    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3015

    QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh h... Read more

    Affected Products : qtweb
    • EPSS Score: %0.22
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3030

    Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to... Read more

    • EPSS Score: %0.78
    • Published: Oct. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2987

    Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via unknown vectors.... Read more

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %1.38
    • Published: Oct. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3008

    K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacke... Read more

    Affected Products : k-meleon
    • EPSS Score: %0.25
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3060

    Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_us... Read more

    Affected Products : jboard
    • EPSS Score: %0.26
    • Published: Sep. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3005

    Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers ... Read more

    Affected Products : lunascape
    • EPSS Score: %0.22
    • Published: Aug. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3011

    Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta does not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1... Read more

    Affected Products : chrome
    • EPSS Score: %0.24
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3017

    Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains ... Read more

    Affected Products : orca_browser
    • EPSS Score: %0.25
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3066

    Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.... Read more

    Affected Products : property_watch
    • EPSS Score: %0.19
    • Published: Sep. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3152

    Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view... Read more

    Affected Products : bbs_e-market
    • EPSS Score: %1.35
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3012

    Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting ... Read more

    Affected Products : firefox
    • EPSS Score: %0.24
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3592

    Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.... Read more

    Affected Products : x-cart
    • EPSS Score: %1.02
    • Published: Oct. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3599

    Cross-site scripting (XSS) vulnerability in single_winner1.php in HUBScript 1.0 allows remote attackers to inject arbitrary web script or HTML via the bid_id parameter.... Read more

    Affected Products : hubscript
    • EPSS Score: %1.35
    • Published: Oct. 08, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 292318 Results