Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-4822

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.... Read more

    Affected Products : kasseler_cms
    • Published: Apr. 27, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1334

    Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.... Read more

    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4835

    The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a... Read more

    Affected Products : libsndfile
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-1503

    IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authenticated attacker to to send invalid or malformed headers that could cause messages to no longer be transmitted via the affected channel. IBM X-Force ID: 141339.... Read more

    Affected Products : websphere_mq
    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-4233

    Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php in the YJ Whois component 1.0x and 1.5.x for Joomla! allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php. NOTE: some of these details ar... Read more

    Affected Products : joomla\! yj_whois
    • Published: Dec. 08, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5172

    Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NO... Read more

    Affected Products : yazd_forum_software
    • Published: Nov. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1454

    Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action.... Read more

    Affected Products : webcollab
    • Published: Apr. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-0424

    Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) adminis... Read more

    Affected Products : an_guestbook
    • Published: Feb. 05, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0470

    Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot.... Read more

    Affected Products : jdk jre
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-0335

    Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.... Read more

    Affected Products : blogit\!
    • Published: Jan. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-2256

    Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos... Read more

    Affected Products : pay_per_minute_video_chat_script
    • Published: Jun. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-0204

    Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : select_access
    • Published: Jan. 30, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-8033

    Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low... Read more

    Affected Products : chrome windows edge_chromium
    • Published: Aug. 21, 2024
    • Modified: Mar. 25, 2025

  • 4.3

    MEDIUM
    CVE-2009-0156

    Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-5362

    The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to ... Read more

    Affected Products : flash_player air
    • Published: Dec. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-0607

    Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.... Read more

    Affected Products : sam300_ax_router
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-3660

    Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)... Read more

    Affected Products : android chrome edge_chromium
    • Published: Nov. 01, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-1484

    Cross-site scripting (XSS) vulnerability in the web mail interface feature in AXIGEN Mail Server 6.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving e-mail messages. NOTE: the provenance of this informat... Read more

    • Published: Apr. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-1333

    Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body.... Read more

    Affected Products : deskjet_6840
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-4813

    Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.... Read more

    Affected Products : mybb
    • Published: Apr. 27, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294299 Results