Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-5257

    Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parame... Read more

    Affected Products : wordpress classipress
    • Published: Feb. 12, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1940

    Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging ... Read more

    Affected Products : safari windows
    • Published: May. 14, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-5307

    Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : photosmash
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-39413

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 4.3

    MEDIUM
    CVE-2024-12027

    The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it p... Read more

    Affected Products : message_filter_for_contact_form_7
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 4.3

    MEDIUM
    CVE-2009-3368

    Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.... Read more

    Affected Products : joomla\! com_hbssearch
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1963

    Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : servicecenter service_center
    • Published: Jun. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1985

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : movable_type
    • Published: May. 19, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1905

    Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parame... Read more

    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2014

    Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.... Read more

    Affected Products : lisk_cms
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-3260

    Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.... Read more

    Affected Products : livestreet
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-14581

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attack... Read more

    • Published: Jul. 15, 2020
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2011-5211

    Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might ... Read more

    Affected Products : subrion_cms
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2013

    Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : lisk_cms
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2084

    Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.... Read more

    Affected Products : asp.net
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-12033

    The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscribe... Read more

    Affected Products : jupiter_x_core
    • Published: Jan. 07, 2025
    • Modified: Jan. 22, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2010-1907

    The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory... Read more

    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1976

    Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : application_server
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-2010

    Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : ctools
    • Published: May. 21, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2017

    Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : lokomedia_cms
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294723 Results