Latest CVE Feed
-
4.3
MEDIUMCVE-2010-2407
Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors.... Read more
Affected Products : database_server- Published: Oct. 14, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2010-2049
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this informa... Read more
- Published: May. 25, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2017-20053
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely... Read more
Affected Products : contact_form_manager- Published: Jun. 16, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2006-2352
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/... Read more
Affected Products : whatsup_professional- Published: May. 15, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2015-8021
Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 before HF6; BIG-IP AAM 11.4.0 before HF8 and 11.4.1 before ... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_edge_gateway +3 more products- Published: Apr. 12, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2007-3386
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to... Read more
Affected Products : tomcat- Published: Aug. 14, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2010-1422
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbit... Read more
- Published: Jun. 11, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2010-1384
Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct p... Read more
- Published: Jun. 11, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2010-1389
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a ... Read more
- Published: Jun. 11, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2007-1609
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be relat... Read more
Affected Products : application_server- Published: Mar. 22, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2017-2701
Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vulnerability. An attacker tricks a user into installing a malicious application. Since the system does not verify the broadcasting message from the application, it could be exploited to ... Read more
- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2010-0181
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of ser... Read more
- Published: Apr. 05, 2010
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2016-0513
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components.... Read more
Affected Products : e-business_suite- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0584
Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-20... Read more
- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2021-22254
Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.... Read more
Affected Products : gitlab- Published: Aug. 20, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2007-3385
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote att... Read more
Affected Products : tomcat- Published: Aug. 14, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2017-20093
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.... Read more
- Published: Jun. 24, 2022
- Modified: Mar. 21, 2025
-
4.3
MEDIUMCVE-2023-48233
Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situ... Read more
- Published: Nov. 16, 2023
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2007-3227
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.... Read more
Affected Products : rails- Published: Jun. 14, 2007
- Modified: Apr. 09, 2025
-
4.3
MEDIUMCVE-2016-1000346
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use.... Read more
Affected Products : debian_linux legion-of-the-bouncy-castle-java-crytography-api bc-java bouncy_castle_for_java- Published: Jun. 04, 2018
- Modified: May. 12, 2025