Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2009-4151

    Session fixation vulnerability in html/Elements/SetupSessionCookie in Best Practical Solutions RT 3.0.0 through 3.6.9 and 3.8.x through 3.8.5 allows remote attackers to hijack web sessions by setting the session identifier via a manipulation that leverage...

    Affected Products : rt request_tracker
    • Published: Dec. 02, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2020-1728

    A vulnerability was found in all versions of Keycloak where the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses. This does not directly lead to a security issue, yet it might aid a...

    Affected Products : quarkus keycloak
    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2012-1342

    Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975....

    Affected Products : carrier_routing_system
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-1244

    The NTT DOCOMO sp mode mail application 5400 and earlier for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

    Affected Products : spmode_mail_android
    • Published: Apr. 27, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-20513

    A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected...

    • Published: Oct. 02, 2024
    • Modified: Jun. 04, 2025
  • 5.8

    MEDIUM
    CVE-2012-1251

    Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate....

    Affected Products : opera_browser
    • Published: Jun. 04, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-1100

    Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a lo...

    Affected Products : jboss_operations_network
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-20481

    A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN ...

    • Actively Exploited
    • Published: Oct. 23, 2024
    • Modified: Oct. 29, 2024
  • 5.8

    MEDIUM
    CVE-2012-1023

    Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter....

    Affected Products : 4images
    • Published: Feb. 08, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-20465

    A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial Ethernet 4000, 4010, and 5000 Series Switches could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability ...

    Affected Products : ios
    • Published: Sep. 25, 2024
    • Modified: Oct. 24, 2024
  • 5.8

    MEDIUM
    CVE-2012-0907

    Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive....

    Affected Products : neoaxis_web_player
    • Published: Jan. 20, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-0865

    Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php....

    Affected Products : cubecart
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-0738

    IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during scanning, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate....

    • Published: Dec. 28, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2012-0732

    The Enterprise Console client in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi...

    Affected Products : rational_appscan
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-20431

    A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocati...

    Affected Products : firepower_threat_defense
    • Published: Oct. 23, 2024
    • Modified: Nov. 05, 2024
  • 5.8

    MEDIUM
    CVE-2024-20384

    A vulnerability in the Network Service Group (NSG) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (AC...

    • Published: Oct. 23, 2024
    • Modified: Aug. 01, 2025
  • 5.8

    MEDIUM
    CVE-2024-20363

    Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to inco...

    • Published: May. 22, 2024
    • Modified: Jul. 03, 2025
  • 5.8

    MEDIUM
    CVE-2012-0435

    SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984....

    Affected Products : webyast
    • Published: Jan. 26, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-20361

    A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco...

    • Published: May. 22, 2024
    • Modified: Aug. 07, 2025
  • 5.8

    MEDIUM
    CVE-2024-20322

    A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper ass...

    • Published: Mar. 13, 2024
    • Modified: Aug. 05, 2025
Showing 20 of 294846 Results