Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-2508

    Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.... Read more

    Affected Products : wvc11b
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2618

    Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).... Read more

    Affected Products : pegasi_web_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3953

    Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.... Read more

    Affected Products : mybulletinboard
    • Published: Aug. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-4047

    Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link.... Read more

    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3759

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Search Functionality.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-23686

    Multiple vulnerabilities exist in the processing of packet data by the LLDP service of AOS-CX. Successful exploitation of these vulnerabilities may allow an attacker to impact the availability of the AOS-CX LLDP service and/or the management plane of the ... Read more

    Affected Products : aos-cx cx_6200f cx_6300 cx_6400 cx_8320 cx_8325 cx_8400 cx_8360 cx_10000 cx_9300 +3 more products
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3710

    SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms by leveraging knowledge of this key from a product instal... Read more

    Affected Products : suse_lifecycle_management_server
    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-0923

    Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) 1.88 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the letter parameter in reviews.php and (2) the dcategory parameter in download.php.... Read more

    Affected Products : myphpnuke
    • Published: Feb. 28, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-26595

    Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site mem... Read more

    • Published: Apr. 19, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3580

    The TrustGo Antivirus & Mobile Security application before 1.3.6 for Android allows attackers to cause a denial of service (application crash) via a crafted application that sends an intent to com.trustgo.mobile.security.USSDScannerActivity with zero argu... Read more

    Affected Products : antivirus_\&_mobile_security
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3106

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allow remote attackers to inject arbitrary ... Read more

    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0155

    Cross-site scripting (XSS) vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to inject arbitrary web script or HTML via the c parameter.... Read more

    Affected Products : evilboard
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-6018

    IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.... Read more

    Affected Products : emptoris_contract_management
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-2153

    Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869.... Read more

    Affected Products : prime_infrastructure
    • Published: Feb. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2006

    Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : web_kyukincho
    • Published: Jun. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-4496

    Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.... Read more

    Affected Products : iwebnegar
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-1980

    Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif metadata within an image uploaded to the Community plugin.... Read more

    Affected Products : piwigo
    • Published: Aug. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-4907

    Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter. NOTE: the from parameter is already covered by CVE-2009-4562.... Read more

    Affected Products : zenphoto
    • Published: Oct. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-2968

    Cross-site scripting (XSS) vulnerability in register.php in cpCommerce 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the name parameter (Full Name field).... Read more

    Affected Products : cpcommerce
    • Published: Jun. 01, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-2085

    Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rf... Read more

    Affected Products : phpcodecabinet
    • Published: Feb. 04, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 294522 Results