Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-4007

    The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.... Read more

    Affected Products : android mixi
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1154

    mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictio... Read more

    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5665

    ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.... Read more

    Affected Products : owncloud owncloud_server
    • Published: Jan. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6555

    Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.... Read more

    Affected Products : latestcomment
    • Published: May. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4278

    Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : moodle
    • Published: Jul. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1161

    Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results... Read more

    Affected Products : moodle fedora
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-3619

    A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recomm... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-4568

    Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstr... Read more

    Affected Products : mediawiki
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6624

    Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.... Read more

    Affected Products : soundcloud_is_gold
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5702

    Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) com... Read more

    Affected Products : dotproject
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-3999

    Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : sticky_notes
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4045

    Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to cause a denial of service via a crafted HTML document.... Read more

    Affected Products : frontvue pcvue plantvue
    • Published: Apr. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4023

    CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.... Read more

    Affected Products : pebble
    • Published: Nov. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4006

    The GREE application before 1.4.0, GREE Tanken Dorirando application before 1.0.7, GREE Tsurisuta application before 1.5.0, GREE Monpura application before 1.1.1, GREE Kaizokuoukoku Columbus application before 1.3.5, GREE haconiwa application before 1.1.0... Read more

    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4017

    The jigbrowser+ application before 1.5.0 for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.... Read more

    Affected Products : android jigbrowser\+
    • Published: Sep. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3868

    Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.... Read more

    Affected Products : bind
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5744

    Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904.... Read more

    Affected Products : identity_services_engine_software
    • Published: Aug. 30, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3828

    Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the Host HTTP Header.... Read more

    Affected Products : joomla\! joomla
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3830

    Cross-site scripting (XSS) vulnerability in decoda/templates/video.php in Decoda before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via the video directive.... Read more

    Affected Products : decoda
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5757

    Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : rational_clearquest
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294853 Results