Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-1819

    Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.... Read more

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2025-46708

    Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.... Read more

    Affected Products : ddk
    • Published: Jun. 27, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2018-17473

    Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1726

    Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : sitescope
    • Published: May. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1712

    The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potent... Read more

    Affected Products : firefox seamonkey
    • Published: Apr. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2862

    The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CS... Read more

    Affected Products : ios
    • Published: Sep. 28, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-5796

    Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services.... Read more

    Affected Products : siebel_crm
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1690

    Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through 3.8.8 allows remote attackers to trick users into sending credentials to an arbitrary server via unspecified vectors.... Read more

    Affected Products : rt request_tracker
    • Published: Apr. 22, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5828

    Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows... Read more

    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-2129

    Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.... Read more

    Affected Products : w-agora
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-5863

    Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect integrity via vectors related to IPS repository daemon.... Read more

    Affected Products : solaris sunos
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-1803

    Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-5900

    Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vectors related to End User Self Service.... Read more

    Affected Products : fusion_middleware
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5911

    Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.... Read more

    Affected Products : securitycenter
    • Published: Sep. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2002-1702

    Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter.... Read more

    Affected Products : php_classifieds
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2025-9632

    The PhpList Subber plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the bulk_action_handler function. This makes it possible for unauthentic... Read more

    Affected Products :
    • Published: Sep. 11, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2018-17467

    Insufficiently quick clearing of stale rendered content in Navigation in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6017

    Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.... Read more

    Affected Products : atmail
    • Published: Jan. 12, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6044

    The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into... Read more

    Affected Products : django
    • Published: Oct. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-13290

    Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter.... Read more

    Affected Products : router_manager
    • Published: Apr. 01, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294313 Results