Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-1053

    Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.... Read more

    Affected Products : modernbill
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1077

    Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.... Read more

    Affected Products : apache_distribution
    • Published: Apr. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-21834

    Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privi... Read more

    Affected Products : self-service_human_resources
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-10140

    The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS... Read more

    Affected Products : pan-os
    • Published: Aug. 16, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5771

    Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ssl360
    • Published: Nov. 06, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-1231

    Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.... Read more

    Affected Products : jaws
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1311

    Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : yappa-ng
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-21833

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to com... Read more

    Affected Products : zfs_storage_appliance_kit
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 4.3

    MEDIUM
    CVE-2024-4751

    The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : wp_prayer prayer
    • Published: Jun. 14, 2024
    • Modified: Jul. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-5516

    Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.... Read more

    Affected Products : wikini
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-1999-0999

    Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.... Read more

    Affected Products : sql_server
    • Published: Nov. 19, 1999
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2022

    Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.... Read more

    • Published: Jun. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2093

    Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length h... Read more

    Affected Products : application_server
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5862

    The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.... Read more

    Affected Products : mac_os_x iphone_os watchos
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-2191

    Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to come... Read more

    Affected Products : comersus_cart
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-10493

    CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.... Read more

    Affected Products : phpkb
    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-2215

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.... Read more

    Affected Products : mediawiki
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-3473

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability allows lo... Read more

    Affected Products : flexcube_private_banking
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2005-2326

    Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php.... Read more

    Affected Products : clever_copy
    • Published: Jul. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-4037

    The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers... Read more

    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294863 Results