Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2006-5179

    Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra ti... Read more

    Affected Products : igateway_ssl-vpn igateway_vpn
    • EPSS Score: %0.33
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2006-6896

    The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations.... Read more

    Affected Products : headset
    • EPSS Score: %0.31
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2007-0661

    Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 2007011... Read more

    • EPSS Score: %0.36
    • Published: Feb. 01, 2007
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2023-27070

    A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.... Read more

    Affected Products : openplatform
    • EPSS Score: %0.09
    • Published: Mar. 14, 2023
    • Modified: Feb. 27, 2025

  • 5.4

    MEDIUM
    CVE-2014-7491

    The Short Stories (aka com.ireadercity.c48) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : short_stories
    • EPSS Score: %0.04
    • Published: Oct. 20, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2009-2458

    Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors.... Read more

    Affected Products : sun_fire_server
    • EPSS Score: %0.69
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 5.4

    MEDIUM
    CVE-2009-5098

    The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating... Read more

    Affected Products : palm_pre_webos
    • EPSS Score: %19.82
    • Published: Sep. 13, 2011
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-4669

    FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with... Read more

    • EPSS Score: %0.13
    • Published: Jun. 25, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2012-4094

    Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug... Read more

    Affected Products : unified_computing_system
    • EPSS Score: %0.84
    • Published: Sep. 24, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2020-21101

    Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versions, including v1.8.2 (2019-09-25-Screenly-OSE-lite.img), in the 'Add Asset' page via manipulation of a 'URL' field, which could let a remote malicious user execute arbitrary code.... Read more

    Affected Products : screenly
    • EPSS Score: %0.25
    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2013-5223

    Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3... Read more

    Affected Products : dsl-2760u dsl-2760u_firmware
    • Actively Exploited
    • EPSS Score: %35.46
    • Published: Nov. 19, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-6693

    The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 routers, when many VRFs are configured, allows remote attackers to cause a denial of service (chunk corruption and device reload) by establishing many multicast flows, aka Bug ID CSCue22345... Read more

    Affected Products : ios 7600_router
    • EPSS Score: %0.37
    • Published: Nov. 22, 2013
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7308

    The OSPF implementation on the D-Link DES-3810-28 switch with firmware R2.20.B017 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows ... Read more

    Affected Products : des-3810-28_firmware des-3810-28
    • EPSS Score: %0.04
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7310

    The OSPF implementation on Yamaha routers does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote attackers to cause a denial of se... Read more

    Affected Products : rt107e rtx1000 rtx1100 rtx1500 srt100 fwx120 rt105 rt140 rt250i rt300i +4 more products
    • EPSS Score: %0.20
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2013-7311

    The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO OS 6.2 R75.X and R76 does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, whic... Read more

    Affected Products : gaia_os ipso_os
    • EPSS Score: %0.20
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 5.4

    MEDIUM
    CVE-2021-26549

    An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affe... Read more

    Affected Products : smartfoxserver
    • EPSS Score: %1.43
    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2014-3347

    Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision durin... Read more

    • EPSS Score: %0.46
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5531

    The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : abode
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5541

    The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application 1.0.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information vi... Read more

    Affected Products : hidden_memory_-_aladdin_free\!
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2014-5542

    The Hidden Object Mystery (aka air.com.differencegames.hodetectivemysteryfree) application 1.0.65 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information v... Read more

    Affected Products : hidden_object_mystery
    • EPSS Score: %0.04
    • Published: Sep. 09, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291638 Results