Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-6999

    attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.... Read more

    Affected Products : deskpro
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-44469

    A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770... Read more

    Affected Products : lemonldap\
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-34888

    The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.... Read more

    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-45824

    OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.... Read more

    Affected Products : oroplatform
    • Published: Mar. 25, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5486

    Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.... Read more

    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5447

    Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : dev_web_management_system
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-6965

    CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this is... Read more

    Affected Products : dokuwiki
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5955

    Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : updir.net
    • Published: Nov. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7023

    Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6... Read more

    Affected Products : fx-app
    • Published: Feb. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-6977

    Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.... Read more

    Affected Products : freetextbox
    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5239

    Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (2) the captcha_session_code parameter in pre_details.php... Read more

    Affected Products : expblog
    • Published: Oct. 12, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-1627

    The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : my_private_site
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1238

    Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.... Read more

    Affected Products : office
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-49229

    An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.... Read more

    Affected Products : balance_two_firmware balance_two
    • Published: Dec. 28, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-0788

    Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before 1.9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "sortable tables JavaScript."... Read more

    Affected Products : mediawiki
    • Published: Feb. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0798

    Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login.asp; and allow remote authenticated users to inject arbitrary web script or HTM... Read more

    Affected Products : ublog_reload
    • Published: Feb. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-1872

    Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.... Read more

    Affected Products : chrome edge_chromium
    • Published: Jul. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5741

    Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logo... Read more

    Affected Products : enterprise
    • Published: Nov. 06, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-3478

    An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious ... Read more

    Affected Products : gitlab
    • Published: Jan. 26, 2023
    • Modified: Apr. 02, 2025

  • 4.3

    MEDIUM
    CVE-2023-44355

    Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a m... Read more

    Affected Products : coldfusion
    • Published: Nov. 17, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294337 Results