Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2014-2247

    The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.... Read more

    Affected Products : simatic_s7-1500_cpu_firmware
    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2009-4353

    The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such a... Read more

    Affected Products : active\!_mail
    • Published: Dec. 17, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2014-0460

    Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2014-3633

    The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt before 1.2.9, when a disk has been hot-plugged or removed from the live image, allows remote attackers to cause a denial of service (crash) or read sensitive heap information via a cra... Read more

    Affected Products : ubuntu_linux libvirt
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2009-4071

    Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct cross-site script... Read more

    Affected Products : opera_browser
    • Published: Nov. 24, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-1694

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element... Read more

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2013-6444

    PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid ... Read more

    Affected Products : pywbem
    • Published: May. 05, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2009-3860

    Multiple insecure method vulnerabilities in Idefense Labs COMRaider allow remote attackers to create or overwrite arbitrary files via the (1) CreateFolder and (2) Copy methods. NOTE: this might only be a vulnerability in certain insecure configurations o... Read more

    Affected Products : comraider
    • Published: Nov. 04, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-3639

    The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which ... Read more

    Affected Products : proftpd
    • Published: Oct. 28, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-3555

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security ... Read more

    • Published: Nov. 09, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2474

    neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a c... Read more

    Affected Products : ubuntu_linux fedora mac_os_x neon
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2323

    The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redi... Read more

    Affected Products : mv_410r
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2057

    Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modify... Read more

    Affected Products : internet_explorer ie
    • Published: Jun. 15, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2069

    Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid cer... Read more

    Affected Products : internet_explorer ie
    • Published: Jun. 15, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-1760

    Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot)... Read more

    Affected Products : libtorrent
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-1064

    Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third arg... Read more

    Affected Products : orbit_downloader orbit_downloader
    • Published: Mar. 26, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-1014

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerabilit... Read more

    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-0484

    Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete shared or saved searches via a link or IMG tag to buglist.cgi.... Read more

    Affected Products : bugzilla
    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-0482

    Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.... Read more

    Affected Products : bugzilla
    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2008-7298

    The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack ... Read more

    Affected Products : android android_browser
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294846 Results