Latest CVE Feed

The following is the list of the most recently published vulnerabilities. The list can be filtered by severity, by whether the vulnerability is known to be actively exploited (listed in the CISA Known Exploited Vulnerabilities, KEV, catalog), or by whether it is remotely exploitable, and sorted by published date, last-updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2008-0058

    Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-6755

    The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent att...

    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2008-0032

    Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

    Affected Products : quicktime
    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2025-9402

    A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request f...

    Affected Products : usualtoolcms
    • Published: Aug. 25, 2025
    • Modified: Aug. 25, 2025
    • Vuln Type: Server-Side Request Forgery
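    The UTCMS entry above is a server-side request forgery: a URL taken from a request parameter is fetched by the server itself. The check below is an added example of the allow-list discipline that prevents that class of bug; it is not UTCMS code and says nothing about that project's fix. The host allow-list and the function names are assumptions for the illustration. Two things it cannot do offline are spelled out in the docstring: a permitted hostname must still be resolved and the resolved address checked (and the connection pinned to it) before the request goes out, and redirects on the fetch must be disabled or re-validated per hop.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list for this example: the only hosts the server-side
# fetch may ever contact. A real deployment loads this from configuration.
ALLOWED_FETCH_HOSTS = frozenset({"updates.example.com"})


def is_forbidden_address(ip) -> bool:
    """True for addresses a server-side fetch must never reach: loopback,
    RFC 1918, link-local (which includes the 169.254.169.254 cloud metadata
    service), multicast, reserved and unspecified. IPv4-mapped IPv6 is
    unwrapped first so ::ffff:127.0.0.1 is recognised as loopback."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_fetch_url(url: str) -> str:
    """Return url unchanged if the server may request it, else raise ValueError.

    Offline checks only. Before connecting, the caller must also resolve the
    hostname, pass the resolved address through is_forbidden_address(), and
    connect to that exact address; and it must disable redirects on the fetch
    (or re-validate every hop). Otherwise an allow-listed host that resolves
    to, or redirects to, an internal address defeats this function.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise ValueError("credentials are not allowed in the URL")
    host = parts.hostname  # lower-cased; IPv6 brackets already stripped
    if not host:
        raise ValueError("URL has no host")
    if parts.port not in (None, 80, 443):  # .port raises ValueError if junk
        raise ValueError(f"port not allowed: {parts.port}")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if is_forbidden_address(ip):
            raise ValueError(f"internal address: {host}")
        raise ValueError(f"IP literals are never on the allow-list: {host}")
    if host not in ALLOWED_FETCH_HOSTS:
        raise ValueError(f"host not on the allow-list: {host}")
    return url


def is_safe_fetch_url(url: str) -> bool:
    """Yes/no wrapper around validate_fetch_url() for callers that log the
    reason elsewhere."""
    try:
        validate_fetch_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for candidate in ("https://updates.example.com/manifest.json",
                      "http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:127.0.0.1]/",
                      "file:///etc/passwd",
                      "http://updates.example.com@10.0.0.5/"):
        print(f"{candidate!r:50} safe={is_safe_fetch_url(candidate)}")
```

    The allow-list is what does the work; the address-range check matters mostly for the second, online step, where the name the allow-list approved has been resolved and the resulting address has to be judged before the socket is opened.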
  • 5.8

    MEDIUM
    CVE-2007-6662

    Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.

    Affected Products : cutenews
    • Published: Jan. 04, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2011-1814

    Google Chrome before 12.0.742.91 attempts to read data from an uninitialized pointer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-1766

    includes/User.php in MediaWiki before 1.16.5, when wgBlockDisablesLogin is enabled, does not clear certain cached data after verification of an auth token fails, which allows remote attackers to bypass authentication by creating crafted wikiUserID and wik...

    Affected Products : mediawiki
    • Published: May. 23, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-1575

    The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after...

    Affected Products : pure-ftpd
    • Published: May. 23, 2011
    • Modified: Apr. 11, 2025
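    The Pure-FTPd entry above describes the classic STARTTLS plaintext injection: the server reads more than the AUTH TLS line into its input buffer, negotiates TLS, and then keeps parsing the already-buffered cleartext as though it had arrived over the encrypted channel, so a man-in-the-middle who appends commands to the client's AUTH TLS segment gets them executed inside the session. Below is an added simulation of that command loop, not Pure-FTPd code and not its actual patch: a list of byte chunks stands in for successive socket reads and a flag stands in for the TLS handshake. The chunks and function names are constructed for the illustration.

```python
def run_ftp_server(chunks, discard_pending_on_starttls: bool):
    """Simulate the command loop of an FTP server that supports AUTH TLS.

    `chunks` stands in for successive socket reads; `tls_active` stands in
    for the TLS session. Returns [(command, believed_to_be_encrypted), ...]
    in the order the server acted on the commands.
    """
    pending = b""          # bytes read from the socket but not yet parsed
    tls_active = False
    log = []
    for data in chunks:
        pending += data
        while b"\r\n" in pending:
            line, pending = pending.split(b"\r\n", 1)
            cmd = line.decode("ascii", "replace")
            log.append((cmd, tls_active))
            if cmd.upper() == "AUTH TLS":
                # A real server replies "234 AUTH TLS OK" and performs the
                # handshake here. Anything still sitting in `pending` was
                # read in cleartext before the handshake ever happened, so
                # a server that keeps it will later treat it as encrypted.
                if discard_pending_on_starttls:
                    pending = b""
                tls_active = True
                break  # resume reading once the handshake is complete
    return log


def commands_trusted_as_encrypted(log):
    """Commands the server believed arrived over TLS."""
    return [cmd for cmd, over_tls in log if over_tls]


# Constructed traffic for the illustration: a man-in-the-middle appends two
# cleartext commands to the client's AUTH TLS line so that all three arrive
# in one TCP segment; the second chunk is what the real client sends once
# the TLS session is up.
MITM_CHUNKS = [
    b"AUTH TLS\r\nUSER attacker\r\nPASS pwned\r\n",
    b"USER victim\r\n",
]

if __name__ == "__main__":
    for fixed in (False, True):
        log = run_ftp_server(MITM_CHUNKS, discard_pending_on_starttls=fixed)
        print("discard buffer on STARTTLS:", fixed, "->",
              commands_trusted_as_encrypted(log))
```

    The buffered-server variant trusts USER attacker and PASS pwned as if the authenticated client had sent them over TLS; the variant that drops the buffer at the handshake only ever trusts what arrived afterwards. A server that reads exactly one line before upgrading never has leftover bytes at all, and the same rule applies on the client side to any bytes read past the server's "234" response.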
  • 5.8

    MEDIUM
    CVE-2011-1428

    Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an...

    Affected Products : weechat
    • Published: Mar. 16, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-1355

    Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.

    Affected Products : websphere_application_server
    • Published: Jul. 19, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-1088

    Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.

    Affected Products : tomcat
    • Published: Mar. 14, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2011-0989

    The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cau...

    Affected Products : mono moonlight
    • Published: Apr. 13, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2019-18466

    An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing p...

    Affected Products : libpod
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
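    The CuteNews and Podman entries above fail in the same place: a path the attacker controls (a .. sequence in a request parameter, or a symlink inside a container image) is resolved against the host filesystem instead of being confined to the directory it was supposed to stay in. The function below is an added example of resolving a path as if the base directory were the filesystem root, re-rooting absolute symlink targets and clamping .. at the top; it is not code from either project. The throwaway directory layout in demo() is constructed for the illustration. A resolve-then-open sequence like this is still racy (a symlink can be swapped between the check and the open); on Linux, openat2() with RESOLVE_IN_ROOT performs the same confinement inside the kernel and should be preferred where available.

```python
import os
import stat
import tempfile


def secure_join(root: str, unsafe: str, max_links: int = 40) -> str:
    """Resolve `unsafe` as a path inside `root`, the way a process chrooted
    into `root` would see it: '..' can never climb above root, and an
    absolute symlink target is re-rooted under root rather than followed
    on the host. Returns an absolute host path that is always under root."""
    root = os.path.realpath(root)
    pending = [p for p in unsafe.split("/") if p and p != "."]
    resolved = []           # components accepted so far, relative to root
    links_followed = 0
    while pending:
        part = pending.pop(0)
        if part == "..":
            if resolved:    # at the top, '..' is a no-op, exactly as in chroot
                resolved.pop()
            continue
        candidate = os.path.join(root, *resolved, part)
        try:
            st = os.lstat(candidate)
        except FileNotFoundError:
            resolved.append(part)   # nothing to follow; keep the literal name
            continue
        if stat.S_ISLNK(st.st_mode):
            links_followed += 1
            if links_followed > max_links:
                raise OSError(f"too many symlinks while resolving {unsafe!r}")
            target = os.readlink(candidate)
            if target.startswith("/"):
                resolved = []       # "/" inside the confined tree means root
            pending = [p for p in target.split("/") if p and p != "."] + pending
            continue
        resolved.append(part)
    return os.path.join(root, *resolved)


def demo() -> dict:
    """Build a throwaway 'container root' (constructed, not a real image) with
    one real file and two symlinks that try to escape, then compare naive
    host-side resolution with secure_join()."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="ctr-root-"))
    os.makedirs(os.path.join(root, "etc"))
    with open(os.path.join(root, "etc", "passwd"), "w") as f:
        f.write("root:x:0:0:container:/root:/bin/sh\n")
    os.symlink("/etc/passwd", os.path.join(root, "escape-abs"))
    os.symlink("../../../../../../../../etc/passwd",
               os.path.join(root, "escape-rel"))

    def inside(path: str) -> str:
        return os.path.relpath(path, root)

    return {
        "root": root,
        # os.path.realpath resolves in the host context: both links leave root.
        "naive_abs": os.path.realpath(os.path.join(root, "escape-abs")),
        "naive_rel": os.path.realpath(os.path.join(root, "escape-rel")),
        # secure_join keeps every one of them under root.
        "secure_abs": inside(secure_join(root, "escape-abs")),
        "secure_rel": inside(secure_join(root, "escape-rel")),
        "secure_dotdot": inside(secure_join(root, "../../data/users.db.php")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value}")
```

    Both escape symlinks resolve to the host's /etc/passwd under os.path.realpath and to root/etc/passwd under secure_join; the CuteNews-style ../../data/users.db.php collapses to data/users.db.php inside root. The same walk is what Go's filepath-securejoin library implements for container tooling.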
  • 5.8

    MEDIUM
    CVE-2010-3900

    Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-...

    Affected Products : midori
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2019-17569

    The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP R...

    • Published: Feb. 24, 2020
    • Modified: Nov. 21, 2024
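    The Tomcat entry above concerns invalid Transfer-Encoding headers being accepted rather than refused. That matters because two HTTP/1.1 parsers on the same request path (a reverse proxy and the origin, say) that disagree about whether Transfer-Encoding or Content-Length frames the body will disagree about where the request ends, and the bytes one of them takes as body the other takes as the start of a second request. The code below is an added illustration, not Tomcat's parser or its fix: a strict framing decision next to the lenient shortcut that accepts any value containing "chunked", run over constructed requests. Function names and the sample requests are assumptions.

```python
import re

TOKEN_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")  # RFC 7230 token
KNOWN_CODINGS = {"chunked", "gzip", "x-gzip", "deflate", "compress"}


class BadRequest(Exception):
    """Raised when the request must be refused (a 400 in a real server)."""


def parse_headers(raw: bytes) -> list:
    """Split the header block of an HTTP/1.1 request into (name, value)
    pairs. Refuses obsolete line folding and whitespace before the colon,
    two spellings that different parsers are known to treat differently."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("header block not terminated")
    lines = head.decode("latin-1").split("\r\n")
    headers = []
    for line in lines[1:]:  # lines[0] is the request line
        if line[:1] in (" ", "\t"):
            raise BadRequest("obsolete line folding")
        name, colon, value = line.partition(":")
        if not colon or not TOKEN_RE.match(name):
            raise BadRequest(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip(" \t")))
    return headers


def strict_framing(headers: list) -> tuple:
    """Decide how the body is delimited, refusing every ambiguous case."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        # RFC 7230 section 3.3.3: Transfer-Encoding wins and the server may
        # reject the message. Rejecting is the only choice that cannot desync.
        raise BadRequest("both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        unknown = [c for c in codings if c not in KNOWN_CODINGS]
        if unknown:
            raise BadRequest(f"unknown transfer coding(s): {unknown}")
        if codings[-1] != "chunked" or codings.count("chunked") != 1:
            raise BadRequest("chunked must be the single, final transfer coding")
        return ("chunked", None)
    if cl:
        if len(set(cl)) != 1 or not re.fullmatch(r"[0-9]+", cl[0]):
            raise BadRequest(f"bad Content-Length: {cl}")
        return ("content-length", int(cl[0]))
    return ("none", 0)


def lenient_framing(headers: list) -> tuple:
    """The shortcut a sloppy parser takes: any Transfer-Encoding value that
    merely contains 'chunked' means chunked, otherwise Content-Length is
    trusted. Shown only as the counterpart that produces a desync."""
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if any("chunked" in v.lower() for v in te):
        return ("chunked", None)
    if cl:
        return ("content-length", int(cl[0]))
    return ("none", 0)


def desyncs(raw: bytes) -> bool:
    """True when the strict parser refuses the request or the two parsers
    would frame the body differently, i.e. when a chain of the two could be
    made to see a different number of requests in the same bytes."""
    try:
        headers = parse_headers(raw)
        return strict_framing(headers) != lenient_framing(headers)
    except BadRequest:
        return True


# Constructed requests for the illustration.
CHUNKED_OK = (b"POST /upload HTTP/1.1\r\nHost: app.example.com\r\n"
              b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
LENGTH_OK = (b"POST /upload HTTP/1.1\r\nHost: app.example.com\r\n"
             b"Content-Length: 5\r\n\r\nhello")
AMBIGUOUS = (b"POST /upload HTTP/1.1\r\nHost: app.example.com\r\n"
             b"Content-Length: 4\r\nTransfer-Encoding: xchunked\r\n\r\n"
             b"0\r\n\r\nGET /admin HTTP/1.1\r\nHost: app.example.com\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("chunked", CHUNKED_OK), ("length", LENGTH_OK),
                      ("ambiguous", AMBIGUOUS)):
        print(f"{name:10} desync possible: {desyncs(req)}")
```

    For AMBIGUOUS the lenient parser reads a chunked body that ends at the "0" chunk and then sees a second request to /admin, while a Content-Length parser reads four bytes of body and leaves the rest on the connection; the strict parser refuses the message before either interpretation can be reached.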
  • 5.8

    MEDIUM
    CVE-2010-0744

    aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-th...

    Affected Products : alvaros_messenger
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025
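    The WeeChat, Midori and aMSN entries above are one failure in three clients: the certificate chain is validated (or, in Midori's case, not even that) but nobody checks that the name in the certificate is the host the client meant to reach, so any certificate a CA would issue to the attacker for a domain of their own is accepted for the victim's server. The matcher below is an added example of the rules that check enforces, written over a dict in the shape Python's ssl.SSLSocket.getpeercert() returns; it is not code from any of those projects, and the certificates are constructed. A real client leaves this to its TLS library (in Python, an SSLContext with check_hostname left at True); spelling it out shows what is lost when a client skips it.

```python
import ipaddress


def _san_values(cert: dict, kind: str) -> list:
    return [value for (typ, value) in cert.get("subjectAltName", ()) if typ == kind]


def _dns_identities(cert: dict) -> list:
    """dNSName SANs, falling back to the subject CN only when the certificate
    carries no DNS SAN at all (the legacy rule the aMSN entry describes)."""
    sans = _san_values(cert, "DNS")
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for (key, value) in rdn if key == "commonName"]


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # A wildcard is honoured only as the entire left-most label, it never
    # spans a dot, and "*.com"-style patterns are refused outright.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(hostname: str, cert: dict) -> bool:
    """True if the certificate names the host the client intended to reach."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal must match an iPAddress SAN; CN and dNSName never count.
        return any(ipaddress.ip_address(v) == ip
                   for v in _san_values(cert, "IP Address"))
    return any(_dns_name_matches(p, hostname) for p in _dns_identities(cert))


# Constructed certificates (dict form only, no keys or signatures).
SERVER_CERT = {
    "subject": ((("commonName", "chat.example.org"),),),
    "subjectAltName": (("DNS", "chat.example.org"), ("DNS", "*.example.org")),
}
MITM_CERT = {  # a perfectly valid certificate, just for the wrong name
    "subject": ((("commonName", "attacker.example.net"),),),
    "subjectAltName": (("DNS", "attacker.example.net"),),
}
LEGACY_CN_CERT = {"subject": ((("commonName", "chat.example.org"),),)}
IP_CERT = {"subject": (), "subjectAltName": (("IP Address", "192.0.2.10"),)}

if __name__ == "__main__":
    for host, cert, label in (("chat.example.org", SERVER_CERT, "server"),
                              ("chat.example.org", MITM_CERT, "mitm"),
                              ("irc.example.org", SERVER_CERT, "wildcard")):
        print(f"{host} vs {label}: {hostname_matches_cert(host, cert)}")
```

    A client that stopped after chain validation would accept MITM_CERT for chat.example.org, which is exactly the spoof the three entries describe; the matcher rejects it because no identity in the certificate is the name the user typed.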
  • 5.8

    MEDIUM
    CVE-2007-6605

    Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the Start method.

    Affected Products : skyfex_client
    • Published: Dec. 31, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2019-17151

    This vulnerability allows remote attackers to redirect users to an external resource on affected installations of Tencent WeChat prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session toget...

    Affected Products : wechat
    • Published: Jan. 07, 2020
    • Modified: Nov. 21, 2024
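    The WebSphere and WeChat entries above are open redirects: a request parameter names where to send the user next, and nothing constrains it to the application's own origin, which is all a phishing link needs. Below is an added validator for such a parameter, not code from either product; the trusted host set and the function name are assumptions. It hands back the caller's target only when a browser cannot interpret it as a different origin, and a fixed default otherwise.

```python
from urllib.parse import urlsplit

# Assumed for this example: the only origin an absolute redirect may go to.
TRUSTED_HOSTS = frozenset({"app.example.com"})


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return target if it is a local path or an https URL on a trusted host,
    otherwise return default. Anything a browser might read as a different
    origin, or as a non-navigational scheme, is treated as hostile."""
    if (not target or target != target.strip()
            or any(ord(ch) < 0x20 for ch in target)):
        # Leading/trailing whitespace and control characters are what
        # browsers strip before parsing; refuse rather than guess.
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute ("https://...") or scheme-relative ("//host/...") URL:
        # only https, and only a bare trusted host in the authority part,
        # so "user@evil", ports and look-alike subdomains all fall through.
        if (parts.scheme.lower() != "https"
                or parts.netloc.lower() not in TRUSTED_HOSTS):
            return default
        return target
    path = parts.path
    # "//host" is scheme-relative; "/\host" is normalised to it by browsers.
    if not path.startswith("/") or path.startswith(("//", "/\\")):
        return default
    return target


if __name__ == "__main__":
    for candidate in ("/account/settings", "//evil.example/phish",
                      "https://app.example.com/logout", "javascript:alert(1)",
                      "/\\evil.example", "https://app.example.com@evil.example/"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)!r}")
```

    Comparing the whole netloc against the trusted set, rather than parsing out a hostname, is deliberate: it rejects embedded credentials, explicit ports and IPv6 brackets in one comparison instead of needing a rule for each.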
  • 5.8

    MEDIUM
    CVE-2009-1580

    Session fixation vulnerability in SquirrelMail before 1.4.18 allows remote attackers to hijack web sessions via a crafted cookie.

    Affected Products : squirrelmail
    • Published: May. 14, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2009-0483

    Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) u...

    Affected Products : bugzilla
    • Published: Feb. 09, 2009
    • Modified: Apr. 09, 2025