Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-10856

    SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL/BPV4 5.00 to 5.72 allows remote attackers to cause a temporary failure of the device's encrypted communications via a specially crafted packet.... Read more

    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2006-4086

    Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; t... Read more

    Affected Products : ozjournals
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4088

    Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.... Read more

    Affected Products : civicspace
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-4704

    IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the u... Read more

    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0105

    Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : business_process_manager
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-4293

    Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html.... Read more

    Affected Products : cpanel
    • Published: Aug. 22, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-5226

    Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATH_INFO to index.php.... Read more

    Affected Products : peel_shopping
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5570

    Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 js_css_optimizer
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-4742

    Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : phplinkexchange
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-5551

    Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp module 7.x-2.x before 7.x-2.7 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) a predictable "webhook URL key" and (2) improper sanitiz... Read more

    Affected Products : drupal mailchimp
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3303

    Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters.... Read more

    Affected Products : deluxebb
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3087

    Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) ... Read more

    Affected Products : ezgallery
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-3562

    Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page.... Read more

    Affected Products : opera_browser
    • Published: Jun. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3003

    details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces... Read more

    Affected Products : easy_ad-manager
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2018-1315

    In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is becaus... Read more

    Affected Products : hive
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-6515

    Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or H... Read more

    Affected Products : splunk
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2001-1524

    Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and st... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-3064

    Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter.... Read more

    Affected Products : my_datebook
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-0673

    Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Cisco Video Surveillance 5000 HD IP Dome cameras allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCud10943 and CSCud10950.... Read more

    • Published: Jan. 25, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-0433

    Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293680 Results