Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2019-13708

    Inappropriate implementation in navigation in Google Chrome on iOS prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    Affected Products : chrome backports_sle
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2733

    Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XS... Read more

    Affected Products : forefront_unified_access_gateway
    • Published: Nov. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-13667

    Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    Affected Products : chrome iphone_os
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-0945

    Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.... Read more

    Affected Products : acs_blog
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-40611

    Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, ... Read more

    Affected Products : airflow
    • Published: Sep. 12, 2023
    • Modified: Jun. 25, 2025

  • 4.3

    MEDIUM
    CVE-2022-36918

    Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins control... Read more

    Affected Products : buckminster
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-1999

    Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php.... Read more

    Affected Products : php-nuke
    • Published: May. 05, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2023-32988

    A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : azure_vm_agents
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-32985

    Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins contro... Read more

    Affected Products : sidebar_link
    • Published: May. 16, 2023
    • Modified: Jan. 23, 2025

  • 4.3

    MEDIUM
    CVE-2023-35984

    The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.... Read more

    Affected Products : macos iphone_os tvos watchos ipados
    • Published: Sep. 27, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-6687

    Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : typo3 dcdgooglemap
    • Published: Apr. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-36917

    A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 and earlier allows attackers with Overall/Read permission to request a manual backup.... Read more

    Affected Products : google_cloud_backup
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6441

    Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux leap chrome backports
    • Published: Apr. 13, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-1713

    Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.... Read more

    Affected Products : serendipity
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1004

    Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter.... Read more

    Affected Products : payprocart
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1010

    Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username.... Read more

    Affected Products : comersus_cart
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1316

    Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.... Read more

    Affected Products : accounts
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2088

    The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Enc... Read more

    Affected Products : debian_linux http_server
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0641

    Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.... Read more

    Affected Products : unicenter_asset_management
    • Published: Mar. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2022-23258

    Microsoft Edge for Android Spoofing Vulnerability... Read more

    Affected Products : android edge edge_chromium
    • Published: Jan. 25, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 293261 Results