Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2021-23393

    This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vu...

    Affected Products : flask_unchained
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2013-4420

    Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (dot dot) in a crafted tar file.

    Affected Products : libtar
    • Published: Feb. 20, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2458

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. NOTE: the previo...

    Affected Products : jdk jre
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-1299

    Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message.

    • Published: Mar. 29, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-0127

    IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via ...

    Affected Products : lotus_notes notes
    • Published: May. 01, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-3482

    Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the b...

    Affected Products : fetchmail
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-2549

    The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability...

    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-1589

    Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted parameters in a destination URL.

    Affected Products : drupal
    • Published: May. 18, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2021-22949

    A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research Team"

    Affected Products : concrete_cms
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-22953

    A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team"

    Affected Products : concrete_cms
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-0219

    Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-1125

    The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible f...

    Affected Products : firefox seamonkey
    • Published: Mar. 26, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2009-4632

    oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.

    Affected Products : ffmpeg
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2009-1693

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture i...

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2009-1104

    The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports ...

    Affected Products : java
    • Published: Mar. 25, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2017-18443

    cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247).

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-22518

    A vulnerability identified in OpenText™ Identity Manager AzureAD Driver that allows logging of sensitive information into log file. This impacts all versions before 5.1.4.0...

    Affected Products : identity_manager_azuread_driver
    • Published: Sep. 12, 2024
    • Modified: Oct. 02, 2024
  • 5.8

    MEDIUM
    CVE-2007-6746

    telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle att...

    Affected Products : ubuntu_linux telepathy-idle
    • Published: May. 21, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2005-0420

    Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

    Affected Products : exchange_server
    • Published: Apr. 27, 2005
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2003-1567

    The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypa...

    Affected Products : internet_information_services iis
    • Published: Jan. 15, 2009
    • Modified: Apr. 09, 2025