Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-1755

    Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL.... Read more

    Affected Products : peoplesoft_products
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2728

    The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.... Read more

    Affected Products : perl
    • Published: Dec. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2644

    Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.... Read more

    Affected Products : kiwi suse_studio_onsite
    • Published: Aug. 23, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2787

    Google Chrome before 13.0.782.107 does not properly address re-entrancy issues associated with the GPU lock, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Aug. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2673

    Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: Oct. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1782

    Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.... Read more

    Affected Products : osqa
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1787

    Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.... Read more

    Affected Products : webglimpse
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2611

    Unspecified vulnerability in the printing functionality in Opera before 11.50 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page.... Read more

    Affected Products : opera_browser
    • Published: Jul. 01, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-4561

    Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : phorum
    • Published: Nov. 28, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1789

    Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php; or (3) groupdescription or (4) groupname ... Read more

    Affected Products : kongreg8
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-4872

    Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of n... Read more

    Affected Products : pcre
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1127

    Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.... Read more

    Affected Products : gallery
    • Published: Mar. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2011-2606

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.... Read more

    Affected Products : rational_team_concert
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2006-1595

    Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.... Read more

    Affected Products : claroline
    • Published: Apr. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-1825

    Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgo... Read more

    Affected Products : counteract
    • Published: Jun. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2369

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.... Read more

    Affected Products : firefox
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2342

    The DOM implementation in Google Chrome before 12.0.742.91 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1857

    Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."... Read more

    Affected Products : dynamics_ax
    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1858

    The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cro... Read more

    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1873

    Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability... Read more

    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294210 Results