Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-3151

    Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.... Read more

    Affected Products : associated_cms
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1939

    Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.... Read more

    Affected Products : zaep_antispam
    • Published: Apr. 14, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-3243

    Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress 0.8.1 allows remote attackers to inject arbitrary web script or HTML via the re parameter. NOTE: exploitation may require forcing the client to send a certain Referer header.... Read more

    Affected Products : bbpress
    • Published: Jun. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-3579

    Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : serverview
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-3267

    Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.... Read more

    Affected Products : fuzzylime_forum
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4231

    Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and ... Read more

    Affected Products : link_up_gold
    • Published: Dec. 14, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-3281

    Cross-site scripting (XSS) vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.... Read more

    Affected Products : php_hosting_biller
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3288

    Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field.... Read more

    Affected Products : automattic_stats
    • Published: Jun. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-1965

    Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID param... Read more

    Affected Products : openbb
    • Published: Apr. 25, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1985

    Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter.... Read more

    Affected Products : php-nuke coppermine_photo_gallery
    • Published: Apr. 30, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1979

    Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter.... Read more

    Affected Products : props
    • Published: Apr. 30, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4245

    Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.... Read more

    Affected Products : snipe_gallery
    • Published: Dec. 14, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4290

    Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters.... Read more

    Affected Products : ecw-cart
    • Published: Dec. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-3917

    Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.... Read more

    Affected Products : ovidentia
    • Published: Sep. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3941

    Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.... Read more

    Affected Products : bizdirectory
    • Published: Sep. 05, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-4053

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.... Read more

    Affected Products : xoops popnupblog
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4255

    Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.... Read more

    Affected Products : wikkawiki
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-4265

    Multiple cross-site scripting (XSS) vulnerabilities in VisionProject 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) projectIssueId parameter in EditProjectIssue.do, the (2) projectId parameter in ProjectSelected.... Read more

    Affected Products : visionproject
    • Published: Aug. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-4045

    IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IB... Read more

    • Published: Apr. 08, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4322

    Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attacker... Read more

    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293980 Results