Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2009-1844

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6... Read more

    Affected Products : drupal
    • Published: Jun. 01, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-0155

    CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HT... Read more

    • Published: Sep. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-5060

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX.... Read more

    Affected Products : lotus_quickr lotus_domino
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3653

    Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecif... Read more

    Affected Products : drupal xml_sitemap
    • Published: Oct. 09, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-3157

    Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.... Read more

    Affected Products : drupal calendar
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-5062

    IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9.... Read more

    Affected Products : aix lotus_quickr lotus_domino
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-2131

    Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a pictu... Read more

    Affected Products : 4images
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-0606

    Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.... Read more

    Affected Products : osticket
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2007-0275

    Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 1... Read more

    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-4429

    Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with "administer sections" privileges to inject arbitrary web script or HTML via a section name (aka the... Read more

    Affected Products : drupal sections_module
    • Published: Dec. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-5059

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PS... Read more

    Affected Products : lotus_quickr lotus_domino
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3891

    Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).... Read more

    Affected Products : wordpress
    • Published: Nov. 17, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-0081

    Unspecified vulnerability in the Application Server Control component in Oracle Fusion Middleware 10.1.2.3 and 10.1.4.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2381.... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3782

    Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors.... Read more

    Affected Products : drupal userpoints
    • Published: Oct. 26, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-3254

    Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name; (2) a Workflo... Read more

    Affected Products : enterprise_document_manager
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-4427

    Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of cert... Read more

    Affected Products : cache_database
    • Published: Aug. 20, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-1947

    Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbi... Read more

    Affected Products : firebug
    • Published: Apr. 11, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-3559

    Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FU... Read more

    Affected Products : phpfusion php-fusion
    • Published: Jul. 04, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2007-1732

    Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknow... Read more

    Affected Products : wordpress
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2019-1010310

    GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tool... Read more

    Affected Products : glpi
    • Published: Jul. 12, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293350 Results