Latest CVE Feed
-
5.8 MEDIUM CVE-2013-1212
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervisor Module (VSM) to VMware vCenter communication, via a ...
- Published: May. 29, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2013-1093
Open redirect vulnerability in the fwdToURL function in the ZCC login page in zcc-framework.jar in Novell ZENworks Configuration Management (ZCM) 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to redirect users to arbitrary web sites and con...
Affected Products : zenworks_configuration_management
- Published: Jun. 17, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2013-0772
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and app...
- Published: Feb. 19, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2012-6085
The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 and 2.0.x through 2.0.19, when importing a key, allows remote attackers to corrupt the public keyring database or cause a denial of service (application crash) via a crafted length field...
Affected Products : gnupg
- Published: Jan. 24, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2012-5633
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request....
Affected Products : cxf
- Published: Mar. 12, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2020-8954
OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking. [a link that opens another app in the browser can be manipulated]...
Affected Products : openbrowser
- Published: Jun. 08, 2020
- Modified: Nov. 21, 2024
-
5.8 MEDIUM CVE-2012-4074
The Board Management Controller (BMC) in the Serial over LAN (SoL) subsystem in Cisco Unified Computing System (UCS) relies on a hardcoded private key, which allows man-in-the-middle attackers to obtain sensitive information or modify the data stream by l...
Affected Products : unified_computing_system
- Published: Sep. 20, 2013
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2012-3493
The command_give_request_ad function in condor_startd.V6/command.cpp Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the cond...
Affected Products : condor
- Published: Sep. 28, 2012
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2015-6548
Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors....
Affected Products : web_gateway
- Published: Sep. 20, 2015
- Modified: Apr. 12, 2025
-
5.8 MEDIUM CVE-2012-0551
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remo...
- Published: May. 03, 2012
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2012-0528
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity v...
- Published: May. 03, 2012
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2012-0043
Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute ar...
Affected Products : wireshark
- Published: Apr. 11, 2012
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2010-3879
FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of the mountpoint of a FUSE filesystem, a different vulnerability t...
Affected Products : libfuse
- Published: Jan. 22, 2011
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2010-3178
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and per...
- Published: Oct. 21, 2010
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2008-7293
Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the...
Affected Products : firefox
- Published: Aug. 09, 2011
- Modified: Apr. 11, 2025
-
5.8 MEDIUM CVE-2008-0002
Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during t...
Affected Products : tomcat
- Published: Feb. 12, 2008
- Modified: Apr. 09, 2025
-
5.8 MEDIUM CVE-2007-6018
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 do not validate unspecified HTTP requests, which allows remote attackers to (1) delete arbitrary e-mail messages via a modified numeric ID or (2) "pur...
- Published: Jan. 11, 2008
- Modified: Apr. 09, 2025
-
5.8 MEDIUM CVE-2007-3744
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a cr...
- Published: Aug. 03, 2007
- Modified: Apr. 09, 2025
-
5.8 MEDIUM CVE-2006-7140
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by th...
- Published: Mar. 07, 2007
- Modified: Apr. 09, 2025
-
5.8 MEDIUM CVE-2015-5770
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app....
Affected Products : iphone_os
- Published: Aug. 17, 2015
- Modified: Apr. 12, 2025