Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-5071

    Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php.... Read more

    Affected Products : eyeos
    • Published: Sep. 28, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-0927

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Serv... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5496

    Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.... Read more

    Affected Products : knowledgebank
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-4894

    Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.... Read more

    Affected Products : nixieaffiliate
    • Published: Sep. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5255

    Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows... Read more

    • Published: Nov. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2239

    Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address ... Read more

    Affected Products : chrome
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-5035

    Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent fi... Read more

    Affected Products : vcap
    • Published: Sep. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5577

    Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulner... Read more

    Affected Products : ie
    • Published: Dec. 12, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5515

    Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script... Read more

    Affected Products : phpadsnew phppgads
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-1872

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-8371

    VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM server... Read more

    Affected Products : vcenter_server_appliance
    • Published: Dec. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-30524

    Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.... Read more

    Affected Products : report_portal
    • Published: Apr. 12, 2023
    • Modified: Feb. 07, 2025

  • 4.3

    MEDIUM
    CVE-2004-1840

    Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby param... Read more

    Affected Products : php-nuke
    • Published: Mar. 22, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-25687

    IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602.... Read more

    Affected Products : security_key_lifecycle_manager
    • Published: Mar. 21, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1442

    Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."... Read more

    Affected Products : net.data
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-11544

    An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal ... Read more

    Affected Products : gitlab
    • Published: Sep. 09, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1417

    Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.... Read more

    Affected Products : psychostats
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1418

    Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated.... Read more

    Affected Products : wpkontakt
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-6371

    User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Di... Read more

    • Published: Oct. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1412

    Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.... Read more

    Affected Products : esupport
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293407 Results