Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-2336

    Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.... Read more

    Affected Products : hiki
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1769

    Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.... Read more

    Affected Products : enterprise_linux squirrelmail
    • Published: Jun. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0434

    Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks oper... Read more

    Affected Products : php-nuke
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0069

    Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.... Read more

    Affected Products : chipmunk_guestbook
    • Published: Jan. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-0327

    Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox (kj_imagelightbox2) extension 2.0.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-249... Read more

    Affected Products : typo3 kj_imagelightbox2
    • Published: Jan. 15, 2010
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-3009

    Cross-site scripting (XSS) vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php.... Read more

    Affected Products : cutenews
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-3589

    Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web scri... Read more

    • Published: Sep. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-28569

    Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive memory information in the context ... Read more

    Affected Products : media_encoder windows
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4355

    Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this inf... Read more

    Affected Products : ustore
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4361

    Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : content_management_suite
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3000

    Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters.... Read more

    Affected Products : php_advanced_transfer_manager
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-28574

    Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the curr... Read more

    Affected Products : windows animate
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-4876

    Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the user... Read more

    Affected Products : openfire
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2318

    Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 SP2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : dvbbs
    • Published: Jul. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4377

    Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters.... Read more

    Affected Products : baseline_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0194

    Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.... Read more

    Affected Products : fogbugz
    • Published: Jan. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4435

    Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from th... Read more

    Affected Products : d-man
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1837

    Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings.... Read more

    Affected Products : mod_survey
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4387

    Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : contenite
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-21048

    Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with netwo... Read more

    • Published: Apr. 16, 2024
    • Modified: Apr. 10, 2025
Showing 20 of 294210 Results