Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-0541

    Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.... Read more

    Affected Products : simple_forum
    • Published: Feb. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-8992

    Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.... Read more

    Affected Products : modx_revolution
    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3837

    Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.... Read more

    Affected Products : scssboard
    • Published: Nov. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-5194

    Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than... Read more

    Affected Products : wordpress samswhois
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4166

    Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.... Read more

    Affected Products : dnas
    • Published: Jun. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4551

    Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter.... Read more

    Affected Products : social_connect
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4582

    Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter.... Read more

    Affected Products : wp_consultant
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1057

    Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.... Read more

    Affected Products : e107
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1204

    Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-... Read more

    Affected Products : wp_slimstat
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-5270

    Mattermost versions 9.5.x <= 9.5.3, 9.7.x <= 9.7.1, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-5272

    Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the play... Read more

    Affected Products : mattermost_server mattermost
    • Published: May. 26, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-4778

    IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks v... Read more

    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1383

    Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.... Read more

    Affected Products : geo_mashup geo_mashup
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-3186

    Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php... Read more

    Affected Products : chipmunk_blogger
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-2155

    A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be in... Read more

    • Published: Mar. 04, 2024
    • Modified: Apr. 22, 2025

  • 4.3

    MEDIUM
    CVE-2004-2030

    Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.... Read more

    Affected Products : liferay_enterprise_portal
    • Published: May. 22, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-0838

    Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to t... Read more

    Affected Products : es1000 es4000
    • Published: Feb. 20, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0851

    Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category param... Read more

    Affected Products : e-learning_system dokeos
    • Published: Feb. 21, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-2926

    Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php.... Read more

    Affected Products : phptraffica
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1435

    The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware dete... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293592 Results