Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-3044

    Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.... Read more

    Affected Products : logisphere
    • Published: Jun. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1640

    Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more

    Affected Products : czarnews
    • Published: Apr. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3848

    Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.... Read more

    Affected Products : ip_calculator
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-0685

    Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow... Read more

    Affected Products : windows_mobile windows_mobile
    • Published: Feb. 03, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4080

    DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.... Read more

    Affected Products : deluxebb
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1009

    The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.... Read more

    Affected Products : go_express_search
    • Published: Dec. 12, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-2151

    Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.... Read more

    Affected Products : e-pares
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2000-0849

    Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.... Read more

    Affected Products : windows_media_services
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0935

    Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.... Read more

    Affected Products : word
    • Published: Feb. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3299

    Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.... Read more

    Affected Products : usenet
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4210

    nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these deta... Read more

    Affected Products : phpay
    • Published: Aug. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-3594

    Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) ... Read more

    Affected Products : manageengine_netflow_analyzer
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1701

    Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.... Read more

    Affected Products : shadowed_portal
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0724

    profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new... Read more

    Affected Products : magic_news_lite
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-1856

    Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.... Read more

    Affected Products : repairshop2
    • Published: May. 07, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-7232

    Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vecto... Read more

    Affected Products : open_semantic_framework
    • Published: Sep. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-3235

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters.... Read more

    Affected Products : fineshop
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3337

    Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : cpanel
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3247

    Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. NOTE: the provenance of this info... Read more

    Affected Products : deaf_forum
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-3685

    Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : unobtrusive_ajax_star_rating_bar
    • Published: Jul. 11, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293507 Results