Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-3135

    Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/vi... Read more

    Affected Products : vbulletin
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9596

    Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows... Read more

    • Published: Jan. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6235

    Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp or ArraySQL pa... Read more

    Affected Products : java_application_monitor
    • Published: Jan. 31, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-1342

    Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.... Read more

    Affected Products : vbulletin vbulletin
    • Published: Mar. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-2879

    Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings... Read more

    • Published: Apr. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2965

    Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.... Read more

    Affected Products : spamtitan
    • Published: Jul. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2017-0885

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and ... Read more

    Affected Products : nextcloud_server
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2011-2679

    Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rational_doors_web_access
    • Published: Jul. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-2610

    Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter.... Read more

    Affected Products : vegadns
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-5228

    Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details ar... Read more

    Affected Products : phplist
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-1192

    Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jun. 19, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4855

    Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party... Read more

    Affected Products : polylang
    • Published: Jul. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-4599

    The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (process consumption) via multiple requests.... Read more

    Affected Products : misery
    • Published: Jun. 09, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-2860

    Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.... Read more

    Affected Products : nikto
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3522

    Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.... Read more

    Affected Products : manageengine_netflow_analyzer
    • Published: Nov. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-4595

    Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful plugin 0.1 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) oauth_callback parameter to html_api_authorize.php or the (2) oauth_token_... Read more

    Affected Products : wp_restful
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3787

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2014-4560

    Cross-site scripting (XSS) vulnerability in includes/getTipo.php in the ToolPage plugin 1.6.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the t parameter.... Read more

    Affected Products : toolpage
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-4062

    Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.... Read more

    Affected Products : xcclassified
    • Published: Dec. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4032

    Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : easy_search_system
    • Published: Dec. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294522 Results