Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-0735

    Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode ta... Read more

    Affected Products : my_blog html-bbcode
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-9500

    Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback.... Read more

    Affected Products : moip
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1931

    The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which might allow remote attackers to obtain account-related inf... Read more

    Affected Products : cyber_recruiter
    • Published: Feb. 10, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-0703

    Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.... Read more

    Affected Products : imagevue
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-2040

    Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPlugin... Read more

    Affected Products : contact_form_db
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-0675

    Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : siteframe
    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0643

    Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference.... Read more

    Affected Products : e_pop_web_conferencing
    • Published: Feb. 10, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0662

    Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.... Read more

    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0663

    Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"... Read more

    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1648

    Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.... Read more

    Affected Products : password_protect
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0593

    Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.... Read more

    Affected Products : php_fusion
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0533

    Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.... Read more

    Affected Products : cpanel
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0571

    Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.... Read more

    Affected Products : phpstatus
    • Published: Feb. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0501

    Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user.... Read more

    Affected Products : myco_guestbook
    • Published: Feb. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0480

    Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.... Read more

    Affected Products : spaiz-nuke_cms
    • Published: Jan. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-2069

    Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.... Read more

    Affected Products : woocommerce woocommerce
    • Published: Feb. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2004-1729

    Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.... Read more

    Affected Products : web_log_analyzer
    • Published: Aug. 20, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0415

    Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter.... Read more

    Affected Products : sleeperchat
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0373

    Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely ... Read more

    Affected Products : followweb
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0409

    Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup.... Read more

    Affected Products : photoblog
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293619 Results