Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-28139

    A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.... Read more

    Affected Products : rocketchat_notifier
    • Published: Mar. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0322

    The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function.... Read more

    Affected Products : android es_file_explorer
    • Published: Mar. 05, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0285

    Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webnetwork
    • Published: Jan. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4189

    Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a ta... Read more

    Affected Products : bugzilla
    • Published: Nov. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0421

    Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a ... Read more

    Affected Products : pango
    • Published: Mar. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1953

    Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, ... Read more

    Affected Products : post_revolution
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4263

    Cross-site scripting (XSS) vulnerability in inc/admin/content.php in the Better WP Security (better_wp_security) plugin before 3.2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_USER_AGENT header.... Read more

    Affected Products : wordpress better-wp-security
    • Published: Aug. 13, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1941

    Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : phpmyadmin
    • Published: Jan. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5889

    Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 powermail powermail
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2955

    Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web sc... Read more

    • Published: Jul. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1934

    lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.... Read more

    Affected Products : debian_linux lilo
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-1432

    An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-5888

    Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 seo_basics
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1208

    Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (... Read more

    Affected Products : fork_cms
    • Published: Feb. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2935

    Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Checkout/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, a different vuln... Read more

    Affected Products : online_merchant
    • Published: May. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1962

    Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift J... Read more

    • Published: Aug. 10, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-5542

    Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-4575

    The ThemeInstalledInfoBarDelegate::Observe function in browser/extensions/theme_installed_infobar_delegate.cc in Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 does not properly handle incorrect tab interaction by an extension, which al... Read more

    Affected Products : chrome chrome_os
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5305

    Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.... Read more

    Affected Products : directadmin
    • Published: Oct. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5906

    Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in funct... Read more

    Affected Products : greenbrowser
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294633 Results