Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2019-10377

    A missing permission check in Jenkins Avatar Plugin 1.2 and earlier allows attackers with Overall/Read access to change the avatar of any user of Jenkins.... Read more

    Affected Products : avatar
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-21590

    Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.... Read more

    Affected Products : wuzhicms
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-5066

    The createRandomPassword function in includes/functions_common.php in Virtual War (aka VWar) 1.6.1 R2 uses a small range of values to select the seed argument for the PHP mt_srand function, which makes it easier for remote attackers to determine randomly ... Read more

    Affected Products : virtual_war
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-50923

    In QUIC in RFC 9000, the Latency Spin Bit specification (section 17.4) does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit val... Read more

    Affected Products :
    • Published: Feb. 21, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2014-2193

    Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCuj43084.... Read more

    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2004-2325

    Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : dotnetnuke
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-15610

    Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle.... Read more

    Affected Products : circles
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0566

    Unspecified vulnerability in the Oracle Agile component in Oracle Supply Chain Products Suite 5.2.2, 6.0.0, and 6.1.1 allows remote attackers to affect integrity via unknown vectors related to Supplier Portal.... Read more

    Affected Products : supply_chain_products_suite
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3466

    Cross-site scripting (XSS) vulnerability in index.php in the hosted_signup module in NetArt Media iBoutique.MALL 1.2 allows remote attackers to inject arbitrary web script or HTML via the tmpl parameter. NOTE: some of these details are obtained from thir... Read more

    Affected Products : iboutique.mall
    • Published: Sep. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1332

    Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : prettyformmail
    • Published: Apr. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-8181

    A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.... Read more

    Affected Products : contacts
    • Published: Jul. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-0484

    The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via an undocumented API call that triggers the transmission of unexpected data.... Read more

    Affected Products : cognos_tm1
    • Published: Jun. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2004-2293

    Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Review... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-0523

    IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through 6.0.0.11, and 7.0.x through 7.0.0.7 does not use a suitable encryption algorithm for storefront web requests, which allows remote attackers to obtain sensitive information via a paddin... Read more

    Affected Products : websphere_commerce
    • Published: Jun. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-7777

    Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.... Read more

    Affected Products : void
    • Published: Nov. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-44444

    A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT... Read more

    Affected Products : jt_open_toolkit jt_utilities
    • Published: Dec. 14, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-5010

    Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.... Read more

    Affected Products : schoolmation
    • Published: Nov. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4515

    Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.... Read more

    Affected Products : anyfont
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-1606

    Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.... Read more

    Affected Products : nct_jobs_portal_script
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-3560

    Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : kshop_module
    • Published: Aug. 08, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294282 Results