Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2013-6492

    The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.

    Affected Products : piranha
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-6456

    The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomain...

    Affected Products : fedora libvirt
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2013-6442

    The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstan...

    Affected Products : samba
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2013-5611

    Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

    • Published: Dec. 11, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-4111

    The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of...

    Affected Products : opensuse python_glanceclient
    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2223

    GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive information (uninitialized heap memory) or cause a denial of service (out-of-bounds read) via a crafted packet, as demonstrated by a truncated Ping packet that is not properly handled by...

    Affected Products : zrtpcpp
    • Published: Oct. 04, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-1856

    The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of the X...

    Affected Products : rails activesupport ruby_on_rails
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-3964

    Google Chrome before 17.0.963.46 does not properly implement the drag-and-drop feature, which makes it easier for remote attackers to spoof the URL bar via unspecified vectors.

    Affected Products : chrome
    • Published: Feb. 09, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-3061

    Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

    Affected Products : chrome
    • Published: Mar. 30, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-2752

    CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.

    Affected Products : squirrelmail change_passwd
    • Published: Jul. 17, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-0718

    Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.

    Affected Products : network_satellite_server
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-3171

    The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers ...

    Affected Products : firefox
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-2197

    rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.

    Affected Products : rpm
    • Published: Jun. 08, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2021-1717

    Microsoft SharePoint Server Spoofing Vulnerability

    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-1534

    A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due ...

    • Published: Oct. 06, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2007-2423

    Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of thi...

    Affected Products : moinmoin moinmoin
    • Published: May. 02, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2021-21644

    A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and earlier allows attackers to delete configuration files corresponding to an attacker-specified ID.

    Affected Products : config_file_provider
    • Published: Apr. 21, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2016-6626

    An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

    Affected Products : phpmyadmin
    • Published: Dec. 11, 2016
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2021-1229

    A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due ...

    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2021-1224

    Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability i...

    • Published: Jan. 13, 2021
    • Modified: Nov. 26, 2024
Showing 20 of 294848 Results