Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-4526

    Multiple cross-site scripting (XSS) vulnerabilities in callback.php in the efence plugin 1.3.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) zoneid, (3) pubKey, or (4) privKey parameter.... Read more

    Affected Products : efence
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-0749

    Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS 3.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a calimero_webpage action.... Read more

    Affected Products : calimero.cms
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-1385

    Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in a powerpress-editcategoryfeed action in the powerpressa... Read more

    Affected Products : powerpress powerpress_podcasting
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2092

    Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the o... Read more

    Affected Products : cms_made_simple
    • Published: Mar. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1366

    Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.... Read more

    Affected Products : pixabay_images
    • Published: Jan. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-6891

    Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.... Read more

    Affected Products : asp_forum_script
    • Published: Aug. 03, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-2296

    A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.... Read more

    Affected Products : shared_objects
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-4976

    Cross-site scripting (XSS) vulnerability in search/search.php in MetInfo 3.0 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter (aka Search Box field). NOTE: some of these details are obtained from third party inf... Read more

    Affected Products : metinfo
    • Published: Nov. 01, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-15392

    A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker coul... Read more

    Affected Products : industrial_network_director
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1935

    Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4.x before 4 RC4 allow remote attackers to inject arbitrary web script or HTML via the (1) Back parameter to admin/ad.php, or the (2) token or (3) f_email parameter to ... Read more

    Affected Products : newscoop
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1561

    Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox an... Read more

    Affected Products : finder
    • Published: Apr. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-2084

    Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : community_server_forums
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-2078

    Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) node title and (2) node body in a tree root page.... Read more

    Affected Products : drupal booktree
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-1803

    Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sd... Read more

    Affected Products : net_portal_dynamic_system
    • Published: May. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3306

    Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that... Read more

    Affected Products : flatnuke
    • Published: Oct. 26, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-3775

    Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.... Read more

    Affected Products : ilearning
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-5331

    Cross-site scripting (XSS) vulnerability in Aflax allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : aflax
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3413

    Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter.... Read more

    Affected Products : eyeos
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2016-6028

    IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.... Read more

    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2019-4616

    IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The ... Read more

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293356 Results