Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2008-7092

    Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink a... Read more

    Affected Products : affinium_campaign
    • Published: Aug. 26, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-6490

    Cross-site request forgery (CSRF) vulnerability in Falcon Series One CMS 1.4.3 allows remote attackers to change a password via a certain changepass action to index.php.... Read more

    Affected Products : series_one_cms
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2490

    Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 (aka kj_imagelightbox2) extension 1.4.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified "user input."... Read more

    Affected Products : kj_imagelightbox2
    • Published: May. 28, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-7133

    Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org EasyImageCatalogue 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search and (2) d index.php parameters to index.php, (3) dir parameter to thumber.php,... Read more

    Affected Products : easyimagecatalogue
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-3187

    Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.... Read more

    Affected Products : saa
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-0589

    Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated attackers to bypass access restriction to add a new form in the 'Forms' page via unspecified vectors.... Read more

    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-45150

    Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server b... Read more

    Affected Products : nextcloud_server calendar notes
    • Published: Oct. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2669

    Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.... Read more

    Affected Products : orbis_cms
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3448

    Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected.... Read more

    Affected Products : shopping_cart
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-26177

    In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values i... Read more

    Affected Products : business_workflow
    • Published: Dec. 18, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10439

    A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.... Read more

    Affected Products : crx_content_package_deployer
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-50671

    Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where ... Read more

    Affected Products :
    • Published: Nov. 25, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2006-6955

    Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.... Read more

    Affected Products : opera_browser
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-48906

    Stack Overflow vulnerability in Btstack 1.6 and earlier allows attackers to cause a denial of service via crafted input to the char_for_nibble function.... Read more

    Affected Products :
    • Published: Apr. 01, 2024
    • Modified: Mar. 28, 2025

  • 4.3

    MEDIUM
    CVE-2022-27576

    Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission... Read more

    Affected Products : android dex
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2986

    Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HT... Read more

    Affected Products : wireless_control_system_software
    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0107

    Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to Web.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4942

    Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text field.... Read more

    Affected Products : fleetcommander fleetcommander_kiosk
    • Published: Nov. 18, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-5430

    Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of servic... Read more

    Affected Products : thunderbird
    • Published: Dec. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-4883

    Cross-site scripting (XSS) vulnerability in the BotQuery extension in MediaWiki 1.7.x and earlier before SVN 20070910 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a similar issue to CVE-2007-4828.... Read more

    Affected Products : mediawiki
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294846 Results