Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2018-16086

    Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.... Read more

    Affected Products : chrome
    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2012-3689

    WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site.... Read more

    Affected Products : safari
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2012-3314

    IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, 6.2.1, and 6.2.2 allow remote attackers to establish sessions via a crafted message that leverages (1) a signature-validation bypass... Read more

    • Published: Oct. 02, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2002-2352

    The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs.... Read more

    Affected Products : neobook
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2012-0294

    Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors.... Read more

    Affected Products : endpoint_protection
    • Published: May. 23, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-4354

    crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P... Read more

    Affected Products : openssl
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-1594

    Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.... Read more

    Affected Products : spacewalk network_satellite
    • Published: Feb. 05, 2014
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2011-0717

    Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk.... Read more

    Affected Products : network_satellite_server
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2010-4437

    Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2010-3545

    Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2010-2732

    Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified ... Read more

    Affected Products : forefront_unified_access_gateway
    • Published: Nov. 10, 2010
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2009-3936

    Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows... Read more

    • Published: Nov. 13, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-3832

    Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.... Read more

    Affected Products : opera_browser windows
    • Published: Oct. 30, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2831

    Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 10, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2009-2060

    src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to... Read more

    Affected Products : chrome
    • Published: Jun. 15, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2013-1926

    The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensitive information or possibly alter other applets via a c... Read more

    Affected Products : ubuntu_linux opensuse icedtea-web
    • Published: Apr. 29, 2013
    • Modified: Apr. 11, 2025

  • 5.8

    MEDIUM
    CVE-2008-7215

    The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in ... Read more

    Affected Products : mambo mostlyce
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2008-0031

    Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.... Read more

    Affected Products : quicktime
    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2007-2929

    The IBM Lenovo Access Support acpRunner ActiveX control, as distributed in acpcontroller.dll before 1.2.8.0 and possibly acpir.dll before 1.0.0.9 (Automated Solutions 1.0 before fix pack 1), exposes unsafe methods to arbitrary web domains, which allows re... Read more

    Affected Products : access_support automated_solutions
    • Published: Aug. 15, 2007
    • Modified: Apr. 09, 2025

  • 5.8

    MEDIUM
    CVE-2018-11456

    A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is... Read more

    Affected Products : automation_license_manager
    • Published: Aug. 07, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results