Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-6138

    Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Internet Explorer XSS Filter Bypass Vulnerabilit... Read more

    Affected Products : internet_explorer
    • Published: Dec. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5162

    The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for r... Read more

    Affected Products : ruby
    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-6052

    The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR... Read more

    Affected Products : internet_explorer vbscript jscript
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6356

    Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.... Read more

    Affected Products : socialminer
    • Published: Nov. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3429

    Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.... Read more

    Affected Products : debian_linux wordpress genericons
    • Published: Jun. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-2581

    Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "e... Read more

    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-3493

    Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept functi... Read more

    Affected Products : python
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-6046

    Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-4867

    Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4880.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-6115

    Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass."... Read more

    Affected Products : .net_framework
    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-1894

    Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.... Read more

    Affected Products : wordpress
    • Published: Apr. 09, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-6374

    The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attac... Read more

    • Published: Nov. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-2314

    Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors related to JavaServer Pages.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0781

    Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.... Read more

    Affected Products : moinmoin moinmoin
    • Published: Feb. 14, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6314

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is ca... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-3626

    Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname.... Read more

    Affected Products : fortios
    • Published: Aug. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-45398

    A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.... Read more

    Affected Products : cluster_statistics
    • Published: Nov. 15, 2022
    • Modified: Apr. 30, 2025

  • 4.3

    MEDIUM
    CVE-2020-4749

    IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. ... Read more

    Affected Products : spectrum_scale
    • Published: Oct. 20, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-36422

    Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP-PostRatings plugin <= 1.89 at WordPress.... Read more

    Affected Products : wp-postratings
    • Published: Sep. 09, 2022
    • Modified: Feb. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-1453

    Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter.... Read more

    Affected Products : matomo piwik
    • Published: May. 07, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294519 Results