Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4596

    Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter.... Read more

    Affected Products : adesguestbook
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3436

    Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox.... Read more

    Affected Products : nuked-klan
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-36845

    An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server.... Read more

    Affected Products : libmodbus
    • Published: May. 31, 2024
    • Modified: May. 01, 2025

  • 4.3

    MEDIUM
    CVE-2025-31724

    Jenkins Cadence vManager Plugin 4.0.0-282.v5096a_c2db_275 and earlier stores Verisium Manager vAPI keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins... Read more

    Affected Products : cadence_vmanager
    • Published: Apr. 02, 2025
    • Modified: Apr. 17, 2025
    • Vuln Type: Information Disclosure

  • 4.3

    MEDIUM
    CVE-2006-4568

    Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.... Read more

    Affected Products : firefox seamonkey
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4551

    Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php.... Read more

    Affected Products : simpbook
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2953

    Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.... Read more

    Affected Products : miva_merchant
    • Published: Sep. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4665

    Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.... Read more

    Affected Products : punbb
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-6531

    Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    • Published: Jul. 22, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4497

    Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx.... Read more

    Affected Products : tangora_portal_cms
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-33946

    The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a differen... Read more

    • Published: May. 24, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-0327

    Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-249... Read more

    Affected Products : typo3 kj_imagelightbox2
    • Published: Jan. 15, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-1183

    Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter.... Read more

    Affected Products : mvnforum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2090

    Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and ... Read more

    Affected Products : tomcat
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-3771

    Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.... Read more

    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-0374

    Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover.... Read more

    Affected Products : bitboard
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1068

    Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags.... Read more

    Affected Products : scssboard
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4383

    Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor... Read more

    Affected Products : community_enterprise
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-38173

    Microsoft Edge for Android Spoofing Vulnerability... Read more

    Affected Products : edge edge_chromium
    • Published: Jul. 21, 2023
    • Modified: Feb. 28, 2025

  • 4.3

    MEDIUM
    CVE-2005-4420

    Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.... Read more

    Affected Products : honeycomb_archive_enterprise
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294842 Results