Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2024-20315

    A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignmen... Read more

    Affected Products : ios_xr
    • Published: Mar. 13, 2024
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2024-20299

    A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow tr... Read more

    • Published: Oct. 23, 2024
    • Modified: Aug. 01, 2025

  • 5.8

    MEDIUM
    CVE-2012-0126

    Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.... Read more

    Affected Products : hp-ux
    • Published: Mar. 28, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2024-20291

    A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked throug... Read more

    • Published: Feb. 29, 2024
    • Modified: Apr. 30, 2025

  • 5.8

    MEDIUM
    CVE-2012-0128

    HP Onboard Administrator (OA) before 3.50 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : onboard_administrator
    • Published: Apr. 05, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-0062

    Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.... Read more

    Affected Products : jboss_operations_network
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-5251

    Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter in a lostpw action.... Read more

    Affected Products : vbulletin
    • Published: Dec. 31, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-5243

    TwitterOAuth does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificat... Read more

    Affected Products : twitteroauth
    • Published: Nov. 06, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-5252

    Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL i... Read more

    Affected Products : orchard
    • Published: Jan. 12, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-5242

    tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ce... Read more

    Affected Products : tmhoauth
    • Published: Nov. 06, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-5240

    Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid c... Read more

    Affected Products : magento magento
    • Published: Nov. 06, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-5237

    PayPal WPS ToolKit does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid cert... Read more

    Affected Products : wps_toolkit
    • Published: Nov. 06, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-5079

    Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter.... Read more

    Affected Products : typo3 irfaq
    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4951

    Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to redirect users to arbitrary web sites and conduct phishin... Read more

    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4864

    The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted application.... Read more

    Affected Products : android mobileqq
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4863

    The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application.... Read more

    Affected Products : android qqpimsecure
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4770

    The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application.... Read more

    Affected Products : wallet android
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4769

    The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application.... Read more

    Affected Products : mobilesafe android
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4700

    The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application.... Read more

    Affected Products : ubersocial android
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4702

    The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application.... Read more

    Affected Products : nimbuzz android
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294848 Results