Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-4192

    Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS in... Read more

    Affected Products : dvd_rental_system_drs
    • Published: Aug. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-5070

    Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possi... Read more

    Affected Products : support_incident_tracker
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-3787

    Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.... Read more

    Affected Products : phpmyadmin
    • Published: Nov. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-0325

    Directory traversal vulnerability in entries/index.php in Ninja Blog 4.8, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter.... Read more

    Affected Products : ninja_blog
    • Published: Jan. 29, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-4319

    Cross-site scripting (XSS) vulnerability in the i18n translations helper method in Ruby on Rails 3.0.x before 3.0.11 and 3.1.x before 3.1.2, and the rails_xss plugin in Ruby on Rails 2.3.x, allows remote attackers to inject arbitrary web script or HTML vi... Read more

    Affected Products : rails ruby_on_rails actionpack
    • Published: Nov. 28, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-10007

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low pr... Read more

    Affected Products : flexcube_private_banking
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2014-9146

    Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.... Read more

    Affected Products : fiyo_cms
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-7305

    fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail account of a banned user.... Read more

    Affected Products : e107
    • Published: Jan. 22, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-5661

    The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application.... Read more

    Affected Products : airdroid
    • Published: Oct. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-4023

    Cross-site scripting (XSS) vulnerability in the login CGI program in Aruba Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier FIPS versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mobility_controller
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-4600

    The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possib... Read more

    Affected Products : affiliatewp
    • Published: Aug. 30, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6459

    ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.... Read more

    Affected Products : connman tizen
    • Published: Jan. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-6257

    The Inline Related Posts WordPress plugin before 3.6.0 is missing authorization in an AJAX action to ensure that users are allowed to see the content of the posts displayed, allowing any authenticated user, such as subscriber to retrieve the content of pa... Read more

    Affected Products : inline_related_posts
    • Published: Apr. 11, 2024
    • Modified: May. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-4592

    The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remot... Read more

    Affected Products : lotus_mobile_connect
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-1000110

    Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. It did not properly check the current user's... Read more

    Affected Products : blue_ocean
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-5145

    The Filtering Service in Websense Web Security and Web Filter before 6.3.1 Hotfix 136 and 7.x before 7.1.1 on Windows allows remote attackers to cause a denial of service (filtering outage) via a crafted sequence of characters in a URI.... Read more

    • Published: Aug. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-29447

    Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and fro... Read more

    Affected Products : crucible
    • Published: Dec. 21, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-2764

    Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog.... Read more

    Affected Products : triton_ap_data
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-3264

    Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog 1.1f and 1.2a allows remote attackers to inject arbitrary web script or HTML via the threadID parameter.... Read more

    Affected Products : zeroblog
    • Published: Oct. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2009-4651

    Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unsp... Read more

    Affected Products : joomla\! com_webeecomment
    • Published: Feb. 22, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294836 Results