Latest CVE Feed
-
4.3 MEDIUM
CVE-2006-4941
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php....
Affected Products: moodle
- Published: Sep. 23, 2006
- Modified: Apr. 03, 2025
-
4.3 MEDIUM
CVE-2022-1627
The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Affected Products: my_private_site
- Published: Jun. 27, 2022
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2019-13719
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page....
- Published: Nov. 25, 2019
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2006-7023
Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6...
Affected Products: fx-app
- Published: Feb. 15, 2007
- Modified: Apr. 09, 2025
-
4.3 MEDIUM
CVE-2006-4894
Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter....
Affected Products: nixieaffiliate
- Published: Sep. 19, 2006
- Modified: Apr. 03, 2025
-
4.3 MEDIUM
CVE-2006-6660
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag....
Affected Products: libkhtml
- Published: Dec. 20, 2006
- Modified: Apr. 09, 2025
-
4.3 MEDIUM
CVE-2006-6300
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter....
Affected Products: cutenews
- Published: Dec. 05, 2006
- Modified: Apr. 09, 2025
-
4.3 MEDIUM
CVE-2023-41941
A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins....
Affected Products: aws_codecommit_trigger
- Published: Sep. 06, 2023
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2018-1025
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge....
- Published: May. 09, 2018
- Modified: Nov. 21, 2024
-
4.3 MEDIUM
CVE-2006-5299
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Gcontact 0.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors....
Affected Products: gcontact
- Published: Oct. 17, 2006
- Modified: Apr. 09, 2025
-
4.3 MEDIUM
CVE-2017-5023
Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page....
Affected Products: chrome
- Published: Feb. 17, 2017
- Modified: Apr. 20, 2025
-
4.3 MEDIUM
CVE-2022-3293
Email addresses were leaked in WebHook logs in GitLab EE affecting all versions from 9.3 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1...
Affected Products: gitlab
- Published: Oct. 17, 2022
- Modified: May. 13, 2025
-
4.3 MEDIUM
CVE-2006-7072
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters to (a) index.php, the b[username] parameter to (b) admin...
Affected Products: geoclassifieds_enterprise
- Published: Mar. 02, 2007
- Modified: Apr. 09, 2025
-
4.3 MEDIUM
CVE-2006-4206
Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID para...
Affected Products: aspplayground.net
- Published: Aug. 17, 2006
- Modified: Apr. 03, 2025
-
4.2 MEDIUM
CVE-2023-42757
Process Explorer before 17.04 allows attackers to make it functionally unavailable (a denial of service for analysis) by renaming an executable file to a new extensionless 255-character name and launching it with NtCreateUserProcess. This can occur throug...
- Published: May. 07, 2024
- Modified: Mar. 26, 2025
-
4.2 MEDIUM
CVE-2017-13679
A denial of service (DoS) attack in Symantec Encryption Desktop before SED 10.4.1 MP2HF1 allows remote attackers to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a spe...
Affected Products: encryption_desktop
- Published: Oct. 10, 2017
- Modified: Apr. 20, 2025
-
4.2 MEDIUM
CVE-2024-10815
The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
Affected Products: postlists
- Published: Jan. 09, 2025
- Modified: May. 14, 2025
- Vuln Type: Cross-Site Scripting
-
4.2 MEDIUM
CVE-2020-13882
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker ca...
- Published: Jun. 18, 2020
- Modified: Nov. 21, 2024
-
4.2 MEDIUM
CVE-2020-13464
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module....
- Published: Aug. 31, 2020
- Modified: Nov. 21, 2024
-
4.2 MEDIUM
CVE-2020-2599
Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromis...
Affected Products: hospitality_cruise_materials_management
- Published: Jan. 15, 2020
- Modified: Nov. 21, 2024