Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2010-3400

    The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attacke...

    Affected Products : firefox seamonkey
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-3312

    Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web s...

    Affected Products : epiphany
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-14746

    Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows). Supported versions that are affected are 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with n...

    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2010-2388

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors....

    Affected Products : e-business_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-1756

    The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network....

    Affected Products : iphone_os ipod_touch
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2024-11956

    A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the a...

    Affected Products : pimcore
    • Published: Jan. 28, 2025
    • Modified: Jan. 28, 2025
    • Vuln Type: Injection
  • 5.8

    MEDIUM
    CVE-2010-1126

    The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method....

    Affected Products : webkit
    • Published: Mar. 26, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2007-2874

    Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some ...

    Affected Products : fedora_core
    • Published: Jul. 27, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2010-0894

    Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors....

    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-0831

    Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related...

    Affected Products : fastjar
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-14337

    A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest th...

    Affected Products : ansible_tower
    • Published: Jul. 31, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2008-7160

    The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbitrary...

    Affected Products : silc_toolkit
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2010-0467

    Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php....

    Affected Products : joomla\! com_ccnewsletter
    • Published: Feb. 02, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2010-0396

    Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive....

    Affected Products : dpkg
    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2020-14194

    Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link....

    Affected Products : zulip_server
    • Published: Aug. 21, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2020-14154

    Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate....

    Affected Products : ubuntu_linux mutt
    • Published: Jun. 15, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2010-0217

    Zeacom Chat Server before 5.1 uses too short a random string for the JSESSIONID value, which makes it easier for remote attackers to hijack sessions or cause a denial of service (Chat Server crash or Tomcat daemon crash) via a brute-force attack....

    Affected Products : chat_server
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2009-5032

    The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the netwo...

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2009-4833

    MySQL Connector/NET before 6.0.4, when using encryption, does not verify SSL certificates during connection, which allows remote attackers to perform a man-in-the-middle attack with a spoofed SSL certificate....

    Affected Products : mysql_connector\/net
    • Published: Apr. 29, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2019-17595

    There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012....

    Affected Products : leap ncurses
    • Published: Oct. 14, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results