Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2012-5349

    Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.... Read more

    Affected Products : wordpress pay-with-tweet
    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3122

    Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort.... Read more

    Affected Products : sunos solaris
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-5868

    WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.... Read more

    Affected Products : wordpress
    • Published: Dec. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0213

    BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record who... Read more

    Affected Products : bind
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4037

    Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.... Read more

    Affected Products : transmission
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4600

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an... Read more

    Affected Products : otrs otrs_itsm
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-6502

    Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a n... Read more

    Affected Products : internet_explorer
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3245

    Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.... Read more

    Affected Products : mvnforum
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3237

    Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : enterprise_groupware_systems
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3313

    Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter.... Read more

    Affected Products : smartnet
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2343

    Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which p... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3365

    V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.... Read more

    Affected Products : v3_chat
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3333

    Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error ... Read more

    Affected Products : zorum
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1554

    Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.... Read more

    Affected Products : vsns_lemon
    • Published: Mar. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1759

    Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.... Read more

    Affected Products : confixx
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3039

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_home_rent
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3061

    Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search bo... Read more

    Affected Products : five_star_review_script
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3050

    Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.... Read more

    Affected Products : sixcms
    • Published: Jun. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-5825

    The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which al... Read more

    Affected Products : 6131_nfc
    • Published: Jan. 02, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-2997

    Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.... Read more

    Affected Products : zms
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293643 Results