Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-4009

    Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : virtual_war
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-3135

    Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/vi... Read more

    Affected Products : vbulletin
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0617

    Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from thi... Read more

    Affected Products : evalsmsi
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-4038

    Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.... Read more

    Affected Products : gaestechaos
    • Published: Aug. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-2589

    Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.... Read more

    Affected Products : hutscripts_php_website_script
    • Published: Jul. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-5603

    Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors relate... Read more

    Affected Products : flexcube_universal_banking
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-3817

    A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CS... Read more

    Affected Products : unified_computing_system_director
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-0158

    Cross-site scripting (XSS) vulnerability in the Coach NG framework in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL... Read more

    Affected Products : business_process_manager
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4160

    Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.... Read more

    Affected Products : netweaver_business_client
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4714

    Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.... Read more

    • Published: Jun. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-0573

    Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.... Read more

    Affected Products : fotoweb
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-4580

    Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search.... Read more

    Affected Products : communique
    • Published: Dec. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-49849

    Missing Authorization vulnerability in Aakash Chakravarthy Shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through 6.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2017-12973

    Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.... Read more

    Affected Products : nimbus_jose\+jwt
    • Published: Aug. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-3051

    IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.... Read more

    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-4822

    core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters.... Read more

    Affected Products : silverstripe
    • Published: Sep. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-0364

    Attackers may misuse an HTTP/REST endpoint of SAP HANA Extended Application Services (Advanced model), before version 1.0.118, to enumerate open ports.... Read more

    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6459

    ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.... Read more

    Affected Products : connman tizen
    • Published: Jan. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-0358

    IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated user to enumerate group chat ID numbers and join meetings that he was not invited to. IBM X-Force ID: 111928.... Read more

    Affected Products : sametime
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2008-6400

    Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are obtained from third party info... Read more

    Affected Products : refbase
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293508 Results