Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-1497

    Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2630

    The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application.... Read more

    Affected Products : madomagi-ip_android
    • Published: Jun. 04, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-8992

    Cross-site scripting (XSS) vulnerability in manager/assets/fileapi/FileAPI.flash.image.swf in MODX Revolution 2.3.2-pl allows remote attackers to inject arbitrary web script or HTML via the callback parameter.... Read more

    Affected Products : modx_revolution
    • Published: Dec. 22, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-0541

    Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.... Read more

    Affected Products : simple_forum
    • Published: Feb. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-6575

    Cross-site scripting (XSS) vulnerability in the Exposed Filter Data module 6.x-1.x before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal exposed_filter_data
    • Published: Jun. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2396

    Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2433

    Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home... Read more

    Affected Products : websphere_ilog_jrules
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4246

    Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in ... Read more

    Affected Products : phplist
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-7852

    Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.... Read more

    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9135

    The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted package.... Read more

    Affected Products : p7-l10_firmware p7-l10
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-10316

    The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contribut... Read more

    Affected Products : stratum
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-10532

    The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers,... Read more

    Affected Products :
    • Published: Nov. 21, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2717

    Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configurati... Read more

    Affected Products : drupal mobile_tools
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4397

    Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.ph... Read more

    Affected Products : owncloud owncloud_server
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-0886

    Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; th... Read more

    Affected Products : dev_web_management_system
    • Published: Feb. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-8751

    Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php.... Read more

    Affected Products : webpress
    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4542

    Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : support_center
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-2002

    Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : c-board_moyuku
    • Published: Jun. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3652

    Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a dif... Read more

    Affected Products : ec-cube ec-cube
    • Published: Jun. 30, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1779

    Cross-site scripting (XSS) vulnerability in IDevSpot idev-BusinessDirectory 3.0 allows remote attackers to inject arbitrary web script or HTML via the SEARCH parameter to index.php.... Read more

    Affected Products : idev-businessdirectory
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 292795 Results