Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-2096

    Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL.... Read more

    Affected Products : mephistoles_httpd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2113

    Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.... Read more

    Affected Products : bremsserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1996

    Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag.... Read more

    Affected Products : smf
    • Published: May. 05, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2028

    Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.... Read more

    Affected Products : e107
    • Published: May. 21, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2055

    Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.... Read more

    Affected Products : phpbb
    • Published: Jul. 19, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-2426

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker wit... Read more

    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2004-2098

    Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.... Read more

    Affected Products : tbe_banner_engine
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0504

    Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module.... Read more

    Affected Products : phpgroupware
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0674

    Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.... Read more

    Affected Products : pabox
    • Published: Mar. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2063

    Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.... Read more

    Affected Products : antiboard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2102

    Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter.... Read more

    Affected Products : freesco
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-0108

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.8, and Maximo Asset Management 7.1 through 7.1.1.8 and 7.2 for Tivoli IT Asset Management for IT and certain other products, allows remote authenticated users to inj... Read more

    • Published: Feb. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-0629

    Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript.... Read more

    Affected Products : peopletools
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0624

    Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.... Read more

    Affected Products : weblogic_server
    • Published: Dec. 01, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2122

    Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters.... Read more

    Affected Products : intra_forum
    • Published: Jan. 24, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-3676

    Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.... Read more

    Affected Products : hmailserver
    • Published: Aug. 14, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2003-0712

    Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.... Read more

    Affected Products : exchange_server
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2119

    Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL.... Read more

    Affected Products : tinyserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2019-8059

    Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful e... Read more

    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-3700

    Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) ... Read more

    Affected Products : supportsuite
    • Published: Aug. 15, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293437 Results