Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2008-1775

    Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details a... Read more

    • EPSS Score: %0.21
    • Published: Apr. 14, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-0351

    A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack ... Read more

    Affected Products : engineers_online_portal
    • EPSS Score: %0.05
    • Published: Jan. 09, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2008-2105

    email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.50
    • Published: May. 07, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2025-48376

    DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version... Read more

    Affected Products : dotnetnuke
    • Published: May. 23, 2025
    • Modified: Aug. 26, 2025
    • Vuln Type: Authorization

  • 3.5

    LOW
    CVE-2024-10558

    The Form Maker by 10Web WordPress plugin before 1.15.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is dis... Read more

    Affected Products : form_maker
    • Published: Mar. 24, 2025
    • Modified: May. 13, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2009-1461

    Cross-site scripting (XSS) vulnerability in the Create New Page form in razorCMS 0.3 RC2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Page Title field.... Read more

    Affected Products : razorcms
    • EPSS Score: %0.20
    • Published: Apr. 28, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-1844

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6... Read more

    Affected Products : drupal
    • EPSS Score: %0.14
    • Published: Jun. 01, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-3262

    Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.... Read more

    Affected Products : tivoli_identity_manager
    • EPSS Score: %0.19
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-0077

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console.... Read more

    Affected Products : weblogic_server fusion_middleware
    • EPSS Score: %0.35
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-7286

    IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.... Read more

    Affected Products : lotus_quickr lotus_domino
    • EPSS Score: %0.34
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3157

    Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.... Read more

    Affected Products : drupal calendar
    • EPSS Score: %0.34
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-3891

    Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).... Read more

    Affected Products : wordpress
    • EPSS Score: %1.21
    • Published: Nov. 17, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2074

    Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.... Read more

    Affected Products : drupal nodequeue
    • EPSS Score: %0.25
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2083

    Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy te... Read more

    Affected Products : drupal taxonomy_manager
    • EPSS Score: %0.23
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2048

    Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script... Read more

    • EPSS Score: %0.34
    • Published: Jul. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2076

    Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via (1) exposed filters in the Views UI administrative interface and in the (2) view name p... Read more

    Affected Products : drupal views
    • EPSS Score: %0.18
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2131

    Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a pictu... Read more

    Affected Products : 4images
    • EPSS Score: %1.02
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-7284

    IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8.... Read more

    Affected Products : lotus_quickr lotus_domino
    • EPSS Score: %0.34
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3742

    Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name tha... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.18
    • Published: Jul. 04, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-5001

    Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.18
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292725 Results