Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-4909

    Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3249

    Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php in the Letterman Subscriber (mod_letterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter.... Read more

    Affected Products : letterman_subscriber
    • Published: Jun. 18, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2789

    The BMP image parser in Sun Java Development Kit (JDK) before 1.5.0_11-b03 and 1.6.x before 1.6.0_01-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.2_14 and earlier, and SDK and JRE 1.3.1_19 ... Read more

    Affected Products : jre sdk jdk
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4554

    Cross-site scripting (XSS) vulnerability in tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Aug. 28, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4587

    Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create i... Read more

    Affected Products : escafeweb
    • Published: Aug. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4612

    CRLF injection vulnerability in contact.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to add arbitrary mail headers via CRLF sequences in the subject parameter. NOTE: this can be leveraged for spam by adding To or Cc headers.... Read more

    Affected Products : contact_form
    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4734

    Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.... Read more

    Affected Products : otsturntables
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3226

    Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240.... Read more

    Affected Products : dotproject
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7190

    Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic ins... Read more

    Affected Products : webapp
    • Published: Apr. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4595

    Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows remote attackers to inject arbitrary web script or HTML in certain circumstances involving (1) lack of charset specification within a META element or (2) a META element that specifies ... Read more

    Affected Products : mayaa
    • Published: Aug. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7165

    IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7164

    SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information ... Read more

    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4713

    Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.... Read more

    Affected Products : urchin
    • Published: Sep. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4625

    Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.... Read more

    Affected Products : polipo
    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2915

    Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email.... Read more

    Affected Products : rm_easymail_plus
    • Published: May. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2805

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3) fuse parameters.... Read more

    Affected Products : clientexec
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-5542

    Students in "Only see own membership" groups could see other students in the group, which should be hidden.... Read more

    • Published: Nov. 09, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-3239

    Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for ... Read more

    Affected Products : wordpress
    • Published: Jun. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3213

    Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters.... Read more

    Affected Products : sporum_forum
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2025-5846

    An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted Gra... Read more

    Affected Products : gitlab
    • Published: Jun. 26, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Authorization
Showing 20 of 294433 Results