Latest CVE Feed
-
4.3
MEDIUMCVE-2017-1002024
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.... Read more
- Published: Sep. 14, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-15430
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.... Read more
Affected Products : chrome- Published: Aug. 28, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-47554
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 ... Read more
- Published: Oct. 03, 2024
- Modified: Jul. 10, 2025
-
4.3
MEDIUMCVE-2017-12279
A vulnerability in the packet processing code of Cisco IOS Software for Cisco Aironet Access Points could allow an unauthenticated, adjacent attacker to retrieve content from memory on an affected device, which could lead to the disclosure of confidential... Read more
Affected Products : aironet_ap_firmware aironet_access_point_software aironet_access_point_software aironet_ap- Published: Nov. 02, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-15321
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cau... Read more
- Published: Dec. 22, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2024-43927
Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23.... Read more
Affected Products : email_address_encoder- Published: Jan. 02, 2025
- Modified: Jan. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2017-12365
A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view sch... Read more
Affected Products : webex_meeting_center- Published: Nov. 30, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-12157
In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.... Read more
Affected Products : moodle- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2020-6810
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user ab... Read more
Affected Products : firefox- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-6571
Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.... Read more
- Published: Sep. 21, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2023-44320
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.2.2), SCALA... Read more
- Published: Nov. 14, 2023
- Modified: Feb. 11, 2025
-
4.3
MEDIUMCVE-2017-10175
Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Profiles). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows low privileged ... Read more
Affected Products : isupport- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2020-8216
An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.... Read more
- Published: Jul. 30, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-10164
Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acce... Read more
- Published: Oct. 19, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-10081
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated ... Read more
Affected Products : debian_linux active_iq_unified_manager cloud_backup oncommand_balance oncommand_insight oncommand_performance_manager oncommand_unified_manager jdk jre e-series_santricity_os_controller +9 more products- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2023-4302
A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials ... Read more
Affected Products : fortify- Published: Aug. 21, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-15353
Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R0... Read more
Affected Products : rse6500_firmware vp9660_firmware dp300_firmware te60_firmware viewpoint_9030_firmware rp200_firmware te30_firmware te40_firmware te50_firmware viewpoint_8660_firmware +12 more products- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-10071
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0 and 12.3.0. Easily expl... Read more
Affected Products : flexcube_universal_banking- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2025-1922
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)... Read more
- Published: Mar. 05, 2025
- Modified: Apr. 01, 2025
-
4.3
MEDIUMCVE-2017-15338
The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP630... Read more
Affected Products : nip6800_firmware secospace_usg6600_firmware usg9500_firmware vp9660_firmware espace_u1981_firmware dp300_firmware te60_firmware viewpoint_9030_firmware secospace_usg6300_firmware rp200_firmware +42 more products- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024