Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1906

    Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : phplister
    • EPSS Score: %6.99
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1878

    Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : topsites
    • EPSS Score: %0.95
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-2114

    Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.... Read more

    Affected Products : pbx
    • EPSS Score: %0.16
    • Published: May. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2151

    Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.... Read more

    Affected Products : e-pares
    • EPSS Score: %0.12
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-2000

    The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.... Read more

    Affected Products : 050_plus
    • EPSS Score: %0.29
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-5256

    Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.26
    • Published: Feb. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0933

    Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_a... Read more

    Affected Products : acidcat_cms
    • EPSS Score: %7.79
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-6502

    Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a n... Read more

    Affected Products : internet_explorer
    • EPSS Score: %6.50
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2957

    Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.28
    • Published: Sep. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-0046

    Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title att... Read more

    Affected Products : ember.js
    • EPSS Score: %0.52
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-3737

    Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.p... Read more

    Affected Products : storesprite
    • EPSS Score: %0.62
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-5193

    Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to ... Read more

    Affected Products : wordpress samswhois
    • EPSS Score: %0.89
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1903

    Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web ... Read more

    Affected Products : manila
    • EPSS Score: %0.34
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-3218

    The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the htt... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.66
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-0962

    Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.32
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-4022

    Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache ... Read more

    Affected Products : bind
    • EPSS Score: %20.04
    • Published: Nov. 25, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-5137

    IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.37
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-0244

    Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving u... Read more

    Affected Products : drupal
    • EPSS Score: %0.41
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-0456

    CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbi... Read more

    • EPSS Score: %14.34
    • Published: Jan. 25, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-4534

    org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminatin... Read more

    Affected Products : tomcat
    • EPSS Score: %22.77
    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291132 Results