Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-4166

    Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.... Read more

    Affected Products : dnas
    • Published: Jun. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4551

    Cross-site scripting (XSS) vulnerability in diagnostics/test.php in the Social Connect plugin 1.0.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the testing parameter.... Read more

    Affected Products : social_connect
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4582

    Cross-site scripting (XSS) vulnerability in admin/admin_show_dialogs.php in the WP Consultant plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the dialog_id parameter.... Read more

    Affected Products : wp_consultant
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1057

    Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.... Read more

    Affected Products : e107
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1204

    Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-... Read more

    Affected Products : wp_slimstat
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4778

    IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks v... Read more

    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1383

    Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.... Read more

    Affected Products : geo_mashup geo_mashup
    • Published: Feb. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-3186

    Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog (Blogger) allow remote attackers to inject arbitrary web script or HTML via the membername parameter to (1) members.php, (2) comments.php, (3) photos.php, (4) archive.php, or (5) cat.php... Read more

    Affected Products : chipmunk_blogger
    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2004-2030

    Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.... Read more

    Affected Products : liferay_enterprise_portal
    • Published: May. 22, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-6529

    Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.... Read more

    Affected Products : phpipam
    • Published: Aug. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2002-2376

    Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue migh... Read more

    Affected Products : e-guest
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-7777

    Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.... Read more

    Affected Products : void
    • Published: Nov. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-6082

    Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.... Read more

    Affected Products : creadirectory
    • Published: Nov. 24, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2002-2231

    Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header.... Read more

    Affected Products : ikonboard
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-1811

    Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search actio... Read more

    Affected Products : mygesuad
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-3515

    Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different... Read more

    Affected Products : presenter
    • Published: Aug. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1449

    The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMajor field. NOTE: this may later be SPLIT into multiple CVEs if additional information is pu... Read more

    Affected Products : nod32_antivirus rising_antivirus
    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-3560

    Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : kshop_module
    • Published: Aug. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-1470

    Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-200... Read more

    Affected Products : webid
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-2989

    Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter.... Read more

    Affected Products : twit_bbs
    • Published: Sep. 07, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294510 Results