Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2024-7625

    In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the ... Read more

    Affected Products : nomad
    • Published: Aug. 15, 2024
    • Modified: Sep. 25, 2024

  • 5.8

    MEDIUM
    CVE-2013-2044

    Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2022-36112

    GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or extenal calendar in planning is subjec... Read more

    Affected Products : glpi
    • Published: Sep. 14, 2022
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2012-5647

    Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATH_INFO.... Read more

    Affected Products : openshift openshift_origin
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2018-16086

    Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.... Read more

    Affected Products : chrome
    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2012-3689

    WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.... Read more

    Affected Products : safari
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-3314

    IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass... Read more

    • Published: Oct. 02, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2002-2352

    The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs.... Read more

    Affected Products : neobook
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2012-0294

    Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors.... Read more

    Affected Products : endpoint_protection
    • Published: May. 23, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4354

    crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-1594

    Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.... Read more

    Affected Products : spacewalk network_satellite
    • Published: Feb. 05, 2014
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-0717

    Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk.... Read more

    Affected Products : network_satellite_server
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2010-4437

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2010-3545

    Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2010-2732

    Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ... Read more

    Affected Products : forefront_unified_access_gateway
    • Published: Nov. 10, 2010
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2009-3936

    Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows... Read more

    • Published: Nov. 13, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-3832

    Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.... Read more

    Affected Products : opera_browser windows
    • Published: Oct. 30, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2831

    Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 10, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2060

    src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to... Read more

    Affected Products : chrome
    • Published: Jun. 15, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2013-1926

    The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a c... Read more

    Affected Products : ubuntu_linux opensuse icedtea-web
    • Published: Apr. 29, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294826 Results