Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2009-4129

    Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.

    Affected Products : firefox
    • Published: Dec. 14, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2012-5799

    The Canada Post (aka CanadaPost) module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL ...

    Affected Products : prestashop canadapost
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2002-2312

    Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage.

    Affected Products : opera
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2012-3003

    Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request.

    Affected Products : wincc
    • Published: Jun. 08, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2319

    FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    • Published: Jun. 10, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2017-12300

    A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 (SMB2) protocol. The vulnerability is d...

    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025
  • 5.8

    MEDIUM
    CVE-2014-1991

    Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

    Affected Products : webplatform/appframework
    • Published: May 09, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2013-2694

    Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the u parameter.

    Affected Products : wp_symposium wp_symposium
    • Published: Mar. 28, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2012-0052

    Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.

    Affected Products : jboss_operations_network
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2006-2994

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content parameter).

    Affected Products : phazizguestbook
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2007-2012

    Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.

    Affected Products : comprexx
    • Published: Apr. 12, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-4901

    The embedded Internet Explorer server control in AOL Instant Messenger (AIM) 6.1.41.2 and 6.2.32.1, AIM Pro, and AIM Lite does not properly constrain the use of mshtml.dll's web script and HTML functionality for incoming instant messages, which allows rem...

    Affected Products : instant_messenger aim_lite aim_pro
    • Published: Sep. 14, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-4787

    Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many &nbsp; (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket ...

    Affected Products : internet_explorer
    • Published: Oct. 29, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-7269

    Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.

    Affected Products : siteengine
    • Published: Dec. 01, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2016-8292

    Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager.

    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2012-2707

    The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes.

    Affected Products : drupal hostmaster hostmaster
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-5356

    The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allo...

    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-5809

    The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL server...

    Affected Products : groupon_merchants
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2018-0243

    A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured file action policy that is intended to drop the Server Message Block Version 2 (SMB2) and SMB Version 3 (SMB3...

    Affected Products : firepower_threat_defense
    • Published: Apr. 19, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-1978

    TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials. These credentials are equivalent to the credential...

    Affected Products : pan-os vm-series
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024