Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2020-15793

    A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify da...

    Affected Products : desigo_insight
    • Published: Oct. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-1244

    Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Discl...

    • Published: Apr. 13, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-1183

    Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability ...

    Affected Products : tomcat
    • Published: Apr. 08, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-1099

    Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot ...

    Affected Products : quick_polls
    • Published: Mar. 09, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-0803

    Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.9 GA through 8.98.4.1, and OneWorld Tools through 24.1.3, allows remote attackers to affect integrity and availability, related to Enterprise Infrast...

    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-15516

    The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF....

    Affected Products : mm_forum
    • Published: Jul. 07, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-0440

    Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs....

    Affected Products : mahara
    • Published: Mar. 28, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-1982

    Certain communication between PAN-OS and cloud-delivered services inadvertently use TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastr...

    Affected Products : pan-os
    • Published: Jul. 08, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-15408

    An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite....

    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2019-3022

    Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network ac...

    Affected Products : content_manager
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2011-0166

    The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap ...

    Affected Products : safari webkit
    • Published: Mar. 11, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-15211

    In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output ...

    Affected Products : leap tensorflow
    • Published: Sep. 25, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2010-1834

    CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address....

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 15, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-2467

    SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors....

    Affected Products : likewise_open
    • Published: Jul. 27, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-15111

    In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the l...

    Affected Products : fiber
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2010-3918

    Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between web script and the clipboard, which allows remote attackers to read or modify the clipboard contents via a crafted web site....

    Affected Products : sleipnir
    • Published: Dec. 10, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-3868

    Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending dec...

    • Published: Nov. 17, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-3842

    Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Conte...

    Affected Products : curl curl
    • Published: Oct. 28, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-3473

    Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors....

    Affected Products : filenet_p8_application_engine
    • Published: Sep. 20, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-3399

    The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes...

    Affected Products : firefox
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294848 Results