Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2013-3798

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.

    Affected Products : mysql
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-3981

    VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACP...

    • Published: Oct. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2013-3641

    The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    • Published: Jun. 10, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-3511

    Open redirect vulnerability in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

    Affected Products : groundwork_monitor
    • Published: May. 08, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-3446

    Open redirect vulnerability in the login page in Cisco Digital Media Manager (DMM) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCub23849.

    Affected Products : digital_media_manager
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-3277

    Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

    Affected Products : rsa_archer_egrc
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2881

    Google Chrome before 28.0.1500.95 does not properly handle frames, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

    Affected Products : debian_linux chrome
    • Published: Jul. 31, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-23983

    Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules.

    Affected Products : pingaccess
    • Published: Nov. 11, 2024
    • Modified: Nov. 12, 2024
  • 5.8

    MEDIUM
    CVE-2013-2503

    Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Requi...

    Affected Products : privoxy
    • Published: Mar. 11, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2653

    security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.

    Affected Products : silverstripe
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-26082

    A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is ...

    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2013-2316

    The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307.

    Affected Products : yahoo\!_browser
    • Published: Jun. 03, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2307

    The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site.

    Affected Products : yahoo\!_browser
    • Published: Apr. 26, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2248

    Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.

    Affected Products : struts
    • Published: Jul. 20, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-2182

    The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.

    Affected Products : monkey monkey_http_daemon
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2013-2123

    The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user accou...

    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2009-0777

    Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to s...

    Affected Products : firefox thunderbird seamonkey
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2014-1976

    The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products : demaecan
    • Published: Mar. 18, 2014
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2013-2070

    http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker proce...

    Affected Products : debian_linux nginx nginx
    • Published: Jul. 20, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2013-1909

    The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers vi...

    Affected Products : enterprise_mrg qpid
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294848 Results