Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-1295

    Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.... Read more

    Affected Products : spip
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-1639

    The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.... Read more

    Affected Products : clamav
    • Published: May. 26, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-3060

    Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page... Read more

    Affected Products : p.a.i.d
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2010-1762

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAR... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-1266

    Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter.... Read more

    Affected Products : vpmi_enterprise
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-3762

    Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2, 12.1.0.3, and 12.1... Read more

    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-1808

    Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability."... Read more

    Affected Products : office
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-5248

    Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.... Read more

    Affected Products : mybb
    • Published: Aug. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-1999004

    A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches.... Read more

    • Published: Jul. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-41951

    Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.... Read more

    Affected Products : rtmedia
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2015-4899

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : glassfish_server fusion_middleware
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3673

    The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg before 1.2.1 does not properly manage the disposal methods of frames, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via craft... Read more

    Affected Products : ffmpeg
    • Published: Jun. 10, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-4841

    Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM IP2014 and IP2015 allows remote attackers to affect confidentiality via unknown vectors related to Services.... Read more

    Affected Products : siebel_crm
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-3715

    Apple Safari before 6.0.1 makes http requests for https URIs in certain circumstances involving a paste into the address bar, which allows user-assisted remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : safari
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-1050

    All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could ... Read more

    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3778

    Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Help.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-6340

    Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Nov. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-3787

    Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Kernel.... Read more

    Affected Products : sunos solaris
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3423

    Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.... Read more

    Affected Products : secure_access_control_system
    • Published: Jul. 12, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4067

    Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request.... Read more

    Affected Products : eucalyptus
    • Published: Sep. 17, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293673 Results