Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-20856

    Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.... Read more

    Affected Products : android android dex
    • Published: May. 07, 2024
    • Modified: Feb. 07, 2025

  • 4.3

    MEDIUM
    CVE-2009-3915

    Cross-site scripting (XSS) vulnerability in the "Separate title and URL" formatter in the Link module 5.x before 5.x-2.6 and 6.x before 6.x-2.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the link title field.... Read more

    Affected Products : drupal link
    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-2114

    Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun24384.... Read more

    Affected Products : emergency_responder
    • Published: Apr. 04, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-3229

    Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) ... Read more

    Affected Products : open_webmail
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-1161

    Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element.... Read more

    Affected Products : call_center_software
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-2669

    Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter in detail.php, and the (3) c... Read more

    Affected Products : pre_shopping_mall
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-28870

    A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails.... Read more

    Affected Products : safe
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-6748

    The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to ex... Read more

    Affected Products : custom_field_template
    • Published: Jun. 11, 2024
    • Modified: Jan. 29, 2025

  • 4.3

    MEDIUM
    CVE-2008-3516

    Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different... Read more

    Affected Products : presenter
    • Published: Aug. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1132

    Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.... Read more

    Affected Products : mtcms
    • Published: Feb. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-4504

    Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php.... Read more

    Affected Products : esyndicat
    • Published: Dec. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-49419

    Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.... Read more

    Affected Products :
    • Published: Dec. 03, 2024
    • Modified: Dec. 03, 2024

  • 4.3

    MEDIUM
    CVE-2015-6945

    Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.... Read more

    Affected Products : jsp\/mysql_administrador_web
    • Published: Sep. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2025-31376

    Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0.... Read more

    Affected Products :
    • Published: Mar. 31, 2025
    • Modified: Apr. 01, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2015-7290

    Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via... Read more

    • Published: Nov. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4771

    Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group pa... Read more

    Affected Products : subrion_cms
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3854

    Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.... Read more

    Affected Products : wordpress zenlite
    • Published: Sep. 28, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-22164

    In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacke... Read more

    Affected Products : enterprise_security
    • Published: Jan. 09, 2024
    • Modified: Jun. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-4711

    Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : bizsearch
    • Published: Oct. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6902

    Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Dec. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293425 Results