Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-1446

    The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gatewa... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-9179

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).... Read more

    Affected Products : gitlab
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4043

    Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web scri... Read more

    • Published: Jul. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-28166

    SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitation, the attacker can cause a low impact on the Integrit... Read more

    • Published: Aug. 13, 2024
    • Modified: Dec. 10, 2024

  • 4.3

    MEDIUM
    CVE-2024-21206

    Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with network ... Read more

    • Published: Oct. 15, 2024
    • Modified: Jun. 23, 2025

  • 4.3

    MEDIUM
    CVE-2008-1474

    Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).... Read more

    Affected Products : roundup
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-0124

    Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePage parameter to WebProd/cgi-bin/AskiaExt.dll.... Read more

    Affected Products : askiaweb
    • Published: Mar. 21, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1409

    Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.... Read more

    Affected Products : wordpress commentluv
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1433

    The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware dete... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1691

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient a... Read more

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-2678

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulne... Read more

    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4018

    Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.... Read more

    Affected Products : mywebsearch
    • Published: Oct. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1423

    The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antiv... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4016

    The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application.... Read more

    Affected Products : android atok
    • Published: Sep. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5584

    The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does not properly check node permissions, which allows remote attackers to read a node's headers by accessing a table of contents block.... Read more

    Affected Products : drupal tableofcontents
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1247

    Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not properly handled during display of the XML windowing table, ... Read more

    Affected Products : prime_infrastructure
    • Published: May. 31, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4013

    The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file... Read more

    Affected Products : kunai_browser_for_remote_service
    • Published: Sep. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5702

    Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) com... Read more

    Affected Products : dotproject
    • Published: Oct. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4012

    The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a ... Read more

    Affected Products : kunai
    • Published: Sep. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-25262

    PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.... Read more

    Affected Products : pyrocms
    • Published: Oct. 08, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results