Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-5865

    IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1630

    Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulner... Read more

    Affected Products : exchange_server
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-1224

    main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an... Read more

    Affected Products : asterisk open_source
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-8261

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1637

    Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS s... Read more

    • Published: Mar. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-2155

    Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) domainname in a ... Read more

    Affected Products : zonecheck
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-7651

    All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API.... Read more

    Affected Products : broker
    • Published: May. 29, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1670

    The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka "OpenType Font P... Read more

    Affected Products : .net_framework
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-33585

    Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a through 2.12.1. ... Read more

    Affected Products :
    • Published: Apr. 29, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1313

    Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. NOT... Read more

    Affected Products : joomla\! com_sebercart
    • Published: Apr. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-2776

    Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) versio... Read more

    Affected Products : looking_glass
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-8284

    A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for ... Read more

    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-7568

    A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure ... Read more

    Affected Products : modicon_m221_firmware modicon_m221
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-8275

    Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device ... Read more

    Affected Products : secure_mail
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2005-2676

    Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.... Read more

    Affected Products : coppermine_photo_gallery
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5828

    The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.... Read more

    Affected Products : leap safari
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-2204

    Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to sm... Read more

    Affected Products : etrust_siteminder
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5835

    Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9480

    Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5535

    Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to wp-admin/options-general.php.... Read more

    Affected Products : qtranslate qtranslate
    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293634 Results