Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-0653

    Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."... Read more

    • Published: Sep. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2325

    Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL in... Read more

    Affected Products : websphere_application_server zos
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-3715

    Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote ... Read more

    Affected Products : typo3
    • Published: Oct. 25, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2151

    Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : spip
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-1702

    Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter.... Read more

    Affected Products : php_classifieds
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-2273

    Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows remote attackers to inject arbitrary web script or HTML via the URL.... Read more

    Affected Products : webster_http_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2002-1803

    Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-0552

    Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashb... Read more

    Affected Products : im_manager
    • Published: Oct. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3036

    Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : im_manager
    • Published: Feb. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3013

    Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location head... Read more

    Affected Products : opera_browser
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-3697

    The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of... Read more

    Affected Products : freeradius
    • Published: Oct. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2947

    Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.... Read more

    Affected Products : omega
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-0031

    The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain s... Read more

    Affected Products : windows_7 windows_server_2008
    • Published: Feb. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-1683

    Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString() function.... Read more

    Affected Products : badblue
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-2862

    The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CS... Read more

    Affected Products : ios
    • Published: Sep. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3299

    Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2849

    Off-by-one error in the GIF decoder in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image.... Read more

    Affected Products : linux_kernel chrome mac_os_x windows frame
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3877

    Cross-site scripting (XSS) vulnerability in the appcache internals page in Google Chrome before 15.0.874.102 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Oct. 25, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3434

    The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.... Read more

    Affected Products : iphone_os
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-13290

    Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293620 Results