Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2012-5782

    Amazon Flexible Payments Service (FPS) PHP Library does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL ser... Read more

    Affected Products : flexible_payments_service
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5793

    The Authorize.Net module in osCommerce does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an ... Read more

    Affected Products : oscommerce authorize.net
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5781

    Amazon Elastic Load Balancing API Tools does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an... Read more

    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2020-27650

    Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.... Read more

    • Published: Oct. 29, 2020
    • Modified: Jan. 14, 2025

  • 5.8

    MEDIUM
    CVE-2012-5788

    The PayPal IPN utility does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ... Read more

    Affected Products : ipn
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5770

    The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force... Read more

    • Published: Mar. 06, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5814

    Weberknecht, as used in GitHub Gaug.es and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof... Read more

    Affected Products : gaug.es weberknecht
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5804

    The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbi... Read more

    Affected Products : ubercart cybersource
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5790

    PayPal Payments Standard PHP Library 20120427 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers ... Read more

    Affected Products : payments_standard
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5801

    The PayPal module in PrestaShop does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitra... Read more

    Affected Products : prestashop ebay
    • Published: Nov. 04, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5662

    x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid... Read more

    Affected Products : x3270
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2012-5583

    phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid cer... Read more

    Affected Products : phpcas phpcas
    • Published: Jun. 06, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2012-5353

    Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."... Read more

    Affected Products : openathens_service_provider
    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-5321

    tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection."... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2021-1625

    A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying traffic. This vulnerability exists because ICMP and UDP... Read more

    Affected Products : ios_xe
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2019-19312

    GitLab EE 8.14 through 12.5, 12.4.3, and 12.3.6 has Incorrect Access Control. After a project changed to private, previously forked repositories were still able to get information about the private project through the API.... Read more

    Affected Products : gitlab
    • Published: Jan. 05, 2020
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2012-4671

    psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.... Read more

    Affected Products : psyced
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-4669

    M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.... Read more

    Affected Products : m-link
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-4672

    Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.... Read more

    Affected Products : ichat_server
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-4549

    The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) meth... Read more

    • Published: Jan. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294848 Results