Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2023-3906

    An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.... Read more

    Affected Products : gitlab
    • Published: Sep. 29, 2023
    • Modified: May. 05, 2025

  • 3.5

    LOW
    CVE-2009-2173

    The LAN game feature in Carom3D 5.06 allows remote authenticated users to cause a denial of service (application hang) via a crafted HTTP request to TCP port 28012.... Read more

    Affected Products : carom3d
    • Published: Jun. 23, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-3581

    Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0606

    Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.... Read more

    Affected Products : osticket
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-2074

    Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for Drupal, allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via vocabulary names.... Read more

    Affected Products : drupal nodequeue
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2009-2048

    Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script... Read more

    • Published: Jul. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-2080

    Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : otrs
    • Published: Sep. 20, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-1548

    The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished n... Read more

    Affected Products : ctools
    • Published: May. 21, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3512

    Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV).... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0801

    Directory traversal vulnerability in the AutartiTarot (com_autartitarot) component 1.0.3 for Joomla! allows remote authenticated users, with "Public Back-end" group permissions, to read arbitrary files via directory traversal sequences in the controller p... Read more

    Affected Products : joomla\! com_autartitarot
    • Published: Mar. 02, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-2083

    Cross-site scripting (XSS) vulnerability in the term data detail page in Taxonomy manager 5.x before 5.x-1.2, a module for Drupal, allows remote authenticated users, with administer taxonomy privileges or the ability to use free tagging to add taxonomy te... Read more

    Affected Products : drupal taxonomy_manager
    • Published: Jun. 16, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2010-0857

    Unspecified vulnerability in the Oracle Workflow Cartridge component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-4436

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Nov. 12, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2024-11924

    The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the un... Read more

    Affected Products : icegram_express
    • Published: Apr. 17, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.5

    LOW
    CVE-2011-4830

    Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka... Read more

    Affected Products : joomla\! com_listing
    • Published: Dec. 15, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-0716

    _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated user... Read more

    Affected Products : sharepoint_server
    • Published: Feb. 26, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-2131

    Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML by providing a crafted user_homepage parameter to member.php, and then posting a comment associated with a pictu... Read more

    Affected Products : 4images
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-2758

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parame... Read more

    Affected Products : absolute_news_manager_xe
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-3095

    Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unsp... Read more

    • Published: Jul. 09, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2006-0657

    Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before bei... Read more

    Affected Products : php_event_calendar
    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293631 Results