Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-4597

    Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related... Read more

    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-41951

    Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14.... Read more

    Affected Products : rtmedia
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2002-1901

    Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 allows remote attackers to inject arbitrary web script or HTML via image tags.... Read more

    Affected Products : bbgallery
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-5219

    Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : managed_printing_administration
    • Published: Apr. 28, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2251

    Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : secure_backup
    • Published: Jul. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-14853

    A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip)... Read more

    Affected Products : galaxy_s6_firmware galaxy_s6
    • Published: Dec. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1137

    Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual... Read more

    Affected Products : server virtualcenter esx_server
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1893

    Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XS... Read more

    • Published: Sep. 15, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4067

    Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a denial of service (memory, thread, and CPU consumption) via a crafted XML message containing a DTD, as demonstrated by a bucket-logging request.... Read more

    Affected Products : eucalyptus
    • Published: Sep. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0904

    VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.... Read more

    Affected Products : vlc_media_player
    • Published: Jan. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-6345

    Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Nov. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-32477

    The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.... Read more

    Affected Products : moodle
    • Published: Mar. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2814

    Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.... Read more

    Affected Products : mac_os_x_server
    • Published: Sep. 14, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-6318

    The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthor... Read more

    • Published: Nov. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-2301

    Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element.... Read more

    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1978

    Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser applic... Read more

    • Published: Aug. 10, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-4029

    Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, as used in Internet Explorer, allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs... Read more

    • Published: Nov. 12, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2002-2386

    Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag.... Read more

    Affected Products : xoops
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-2161

    The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file t... Read more

    Affected Products : ffmpeg
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4846

    IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPR... Read more

    Affected Products : lotus_notes notes
    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294534 Results