Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-5955

    Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary parameter in an edit action to administrator/index.php.... Read more

    Affected Products : joomla\! com_pbbooking
    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4559

    Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : epolicy_orchestrator
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2077

    Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "ta... Read more

    Affected Products : open-xchange_appsuite
    • Published: Mar. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4871

    Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.... Read more

    Affected Products : nb604n_firmware nb604n
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1224

    Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter ... Read more

    Affected Products : recruitment
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-6296

    Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wec_map
    • Published: Oct. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-0807

    Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to ... Read more

    Affected Products : gpeasy_cms
    • Published: Mar. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-0086

    The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.... Read more

    Affected Products : richfaces jboss_web_framework_kit
    • Published: Mar. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2116

    Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882.... Read more

    Affected Products : emergency_responder
    • Published: Apr. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-4301

    Multiple cross-site scripting (XSS) vulnerabilities in the management interface in WebCart 2.20 through 2.25 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webcart
    • Published: Aug. 13, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1834

    Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head function in functions.php in the CMS Tree Page View plugin before 0.8.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cms_tpv_view parameter to wp-ad... Read more

    Affected Products : cms_tree_page_view
    • Published: Apr. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-4310

    The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerabi... Read more

    Affected Products : solaris sunos
    • Published: Aug. 13, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-4657

    Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL.... Read more

    Affected Products : mailbird
    • Published: Jun. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5039

    The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote attackers to cause a denial of service (memory consumption) via vectors involving BGP path attributes, aka Bug ID CSCsw63003.... Read more

    Affected Products : ios
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2391

    The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, w... Read more

    Affected Products : open-xchange_appsuite
    • Published: Apr. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-4317

    Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/Gen... Read more

    Affected Products : zynos zywall_2
    • Published: Aug. 13, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-2715

    Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.ph... Read more

    Affected Products : videowhisper
    • Published: Apr. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3991

    Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dol_use_jmobile, (2) dol_optimize_smallscreen, (3) dol_no_mouse_hover, (4) dol_hide_topmenu, (5) dol_hi... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: Jul. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4945

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the ba... Read more

    Affected Products : groupware internet_mail_program
    • Published: Jul. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-3202

    Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.... Read more

    Affected Products : web_wiz_rich_text_editor
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293331 Results