Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4281

    Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certain search module parameters, possibly the root parameter to zaygo.cgi.... Read more

    Affected Products : hostingcart
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4381

    Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.... Read more

    Affected Products : caravel_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4512

    Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.... Read more

    Affected Products : waxtrapp
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-12863

    An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.... Read more

    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4374

    Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.... Read more

    Affected Products : allinta
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4294

    Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.... Read more

    Affected Products : opencms
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4666

    Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors.... Read more

    Affected Products : phlymail
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3821

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.... Read more

    Affected Products : atutor
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4502

    Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to t... Read more

    Affected Products : httprint
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1801

    Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.... Read more

    Affected Products : planetsearch\+
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3765

    Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.... Read more

    Affected Products : hwdeguest
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1321

    Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.... Read more

    Affected Products : vaction
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3817

    Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrate... Read more

    Affected Products : groupwise_webaccess
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1309

    Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text.... Read more

    Affected Products : bblog bblog
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3974

    Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.... Read more

    Affected Products : 3cr860-95
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-3820

    Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : loudblog
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-12864

    An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.... Read more

    Affected Products : ubuntu_linux leap sane_backends
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4351

    The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the sys... Read more

    Affected Products : linux_kernel freebsd openbsd dragonfly
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1319

    Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.... Read more

    Affected Products : imp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-4066

    Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demo... Read more

    Affected Products : firefox
    • Published: Sep. 24, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294341 Results