Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-1837

    Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings.... Read more

    Affected Products : mod_survey
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1120

    Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.... Read more

    Affected Products : ilohamail
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0165

    Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form.... Read more

    Affected Products : webgui
    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-28574

    Adobe Animate version 21.0.5 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the curr... Read more

    Affected Products : windows animate
    • Published: Jun. 28, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2025-57176

    The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul series (8010TX and 1200FX tested) Firmware 7.4.0 through 10.7.3 allows unauthenticated file uploads to any writable location on the device. File upload packets use wea... Read more

    Affected Products :
    • Published: Sep. 15, 2025
    • Modified: Sep. 16, 2025
    • Vuln Type: Authentication

  • 4.3

    MEDIUM
    CVE-2006-3436

    Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".... Read more

    Affected Products : .net_framework
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-2618

    Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not ... Read more

    Affected Products : webhost_directory
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3477

    Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by In... Read more

    Affected Products : invision_gallery
    • Published: Nov. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0796

    Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information i... Read more

    Affected Products : clever_copy
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2024-39460

    Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.... Read more

    Affected Products : bitbucket_branch_source
    • Published: Jun. 26, 2024
    • Modified: Nov. 29, 2024

  • 4.3

    MEDIUM
    CVE-2024-39419

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 4.3

    MEDIUM
    CVE-2024-39407

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 4.3

    MEDIUM
    CVE-2024-39408

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could allow an attacker to bypass security features and perform minor integrity changeson behalf of a user. T... Read more

    Affected Products : magento commerce magento
    • Published: Aug. 14, 2024
    • Modified: Oct. 16, 2024

  • 4.3

    MEDIUM
    CVE-2024-39405

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 4.3

    MEDIUM
    CVE-2006-2639

    Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.... Read more

    Affected Products : phpsimplechoose
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2649

    Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.... Read more

    Affected Products : atutor
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-2642

    ** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via... Read more

    Affected Products : php-residence
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1567

    Cross-site scripting (XSS) vulnerability in searchresults.asp in SiteSearch Indexer 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchField parameter.... Read more

    Affected Products : indexer
    • Published: Apr. 01, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2688

    Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript c... Read more

    Affected Products : savewebportal
    • Published: Aug. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2007-2748

    The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.... Read more

    Affected Products : php
    • Published: May. 17, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294836 Results