Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2013-5315

    Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th... Read more

    Affected Products : drupal scald
    • EPSS Score: %0.73
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-2006

    Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content para... Read more

    Affected Products : dokeos
    • EPSS Score: %0.54
    • Published: Jun. 08, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-1773

    Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.... Read more

    Affected Products : abitwhizzy
    • EPSS Score: %6.64
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1850

    Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page p... Read more

    Affected Products : xflow
    • EPSS Score: %0.56
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1841

    Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.... Read more

    Affected Products : boastmachine
    • EPSS Score: %0.43
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-52513

    Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommende... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 2.6

    LOW
    CVE-2006-1898

    Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access... Read more

    Affected Products : tinyphpforum
    • EPSS Score: %0.43
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3338

    Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being retu... Read more

    Affected Products : jira jira_server
    • EPSS Score: %0.50
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3333

    Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error ... Read more

    Affected Products : zorum
    • EPSS Score: %0.25
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5307

    Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerab... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • EPSS Score: %0.20
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3612

    Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phorum
    • EPSS Score: %0.30
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2518

    Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.... Read more

    Affected Products : phpwcms
    • EPSS Score: %0.62
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-20911

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracl... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 2.6

    LOW
    CVE-2006-2163

    Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.... Read more

    Affected Products : pinnacle_cart
    • EPSS Score: %0.51
    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2165

    Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_i... Read more

    Affected Products : avactis_shopping_cart
    • EPSS Score: %0.36
    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1615

    Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.57
    • Published: Oct. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0807

    Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %9.16
    • Published: Dec. 06, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-1517

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.32
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4457

    OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.... Read more

    Affected Products : owasp-java-html-sanitizer
    • EPSS Score: %0.22
    • Published: Nov. 17, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-4893

    Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parame... Read more

    Affected Products : tribiq_cms
    • EPSS Score: %0.17
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291750 Results