Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2011-4318 (CVSS 5.8, MEDIUM)
    Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-...
    Affected Products: dovecot
    Published: Mar. 07, 2013 | Modified: Apr. 11, 2025
  • CVE-2011-4294 (CVSS 5.8, MEDIUM)
    The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users int...
    Affected Products: moodle
    Published: Jul. 16, 2012 | Modified: Apr. 11, 2025
  • CVE-2011-4129 (CVSS 5.8, MEDIUM)
    (1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via...
    Affected Products: libsocialweb
    Published: Oct. 22, 2012 | Modified: Apr. 11, 2025
  • CVE-2011-4056 (CVSS 5.8, MEDIUM)
    An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method....
    Affected Products: tecnomatix_factorylink
    Published: Jan. 08, 2012 | Modified: Apr. 11, 2025
  • CVE-2011-4136 (CVSS 5.8, MEDIUM)
    django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggerin...
    Affected Products: django
    Published: Oct. 19, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-4044 (CVSS 5.8, MEDIUM)
    An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods....
    Affected Products: frontvue pcvue plantvue
    Published: Apr. 03, 2012 | Modified: Apr. 11, 2025
  • CVE-2013-4962 (CVSS 5.8, MEDIUM)
    The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors....
    Affected Products: puppet_enterprise
    Published: Aug. 20, 2013 | Modified: Apr. 11, 2025
  • CVE-2010-3544 (CVSS 5.8, MEDIUM)
    Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. NOTE: the previ...
    Published: Oct. 14, 2010 | Modified: Apr. 11, 2025
  • CVE-2011-1452 (CVSS 5.8, MEDIUM)
    Google Chrome before 11.0.696.57 allows user-assisted remote attackers to spoof the URL bar via vectors involving a redirect and a manual reload....
    Affected Products: chrome
    Published: May. 03, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-3599 (CVSS 5.8, MEDIUM)
    The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force...
    Affected Products: perl crypt-dsa
    Published: Oct. 10, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-2701 (CVSS 5.8, MEDIUM)
    The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client cer...
    Affected Products: freeradius
    Published: Aug. 04, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-2260 (CVSS 5.8, MEDIUM)
    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration....
    Affected Products: glassfish_server sun_products_suite
    Published: Jul. 20, 2011 | Modified: Apr. 11, 2025
  • CVE-2009-0582 (CVSS 5.8, MEDIUM)
    The ntlm_challenge function in the NTLM SASL authentication mechanism in camel/camel-sasl-ntlm.c in Camel in Evolution Data Server (aka evolution-data-server) 2.24.5 and earlier, and 2.25.92 and earlier 2.25.x versions, does not validate whether a certain...
    Affected Products: evolution-data-server
    Published: Mar. 14, 2009 | Modified: Apr. 09, 2025
  • CVE-2011-1775 (CVSS 5.8, MEDIUM)
    The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx in the vncviewer component in TigerVNC 1.1beta1 does not properly verify the server's X.509 certificate, which allows man-in-the-middle attackers to spoof a TLS VNC server via an arbitra...
    Affected Products: tigervnc
    Published: May. 26, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-1744 (CVSS 5.8, MEDIUM)
    EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted web site....
    Affected Products: captiva_einput
    Published: Aug. 01, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-1446 (CVSS 5.8, MEDIUM)
    Google Chrome before 11.0.696.57 allows remote attackers to spoof the URL bar via vectors involving (1) a navigation error or (2) an interrupted load....
    Affected Products: chrome
    Published: May. 03, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-1419 (CVSS 5.8, MEDIUM)
    Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability ...
    Affected Products: tomcat
    Published: Mar. 14, 2011 | Modified: Apr. 11, 2025
  • CVE-2011-1411 (CVSS 5.8, MEDIUM)
    Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...
    Published: Sep. 02, 2011 | Modified: Apr. 11, 2025
  • CVE-2008-3744 (CVSS 5.8, MEDIUM)
    Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access rules....
    Affected Products: drupal
    Published: Aug. 27, 2008 | Modified: Apr. 09, 2025
  • CVE-2011-1325 (CVSS 5.8, MEDIUM)
    Cross-site request forgery (CSRF) vulnerability in EC-CUBE before 2.11.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors....
    Affected Products: ec-cube
    Published: May. 13, 2011 | Modified: Apr. 11, 2025
Showing 20 of 294848 Results