Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-2739

    Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : freenas
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-43433

    Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.... Read more

    Affected Products : screenrecorder
    • Published: Oct. 19, 2022
    • Modified: May. 08, 2025

  • 4.3

    MEDIUM
    CVE-2009-2565

    Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : shiromuku\(fs6\)diary
    • Published: Jul. 21, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2551

    Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php.... Read more

    Affected Products : easy_image_downloader
    • Published: Jul. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2009-2542

    Netscape 6 and 8 allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.... Read more

    Affected Products : navigator
    • Published: Jul. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-2244

    The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with ... Read more

    Affected Products : avahi
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14577

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticat... Read more

    • Published: Jul. 15, 2020
    • Modified: May. 27, 2025

  • 4.3

    MEDIUM
    CVE-2023-34219

    In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API... Read more

    Affected Products : teamcity
    • Published: May. 31, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-3987

    Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Oct. 28, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2318

    Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : phpcityportal
    • Published: Jun. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2280

    Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka ... Read more

    Affected Products : lotus_connections
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2119

    Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid nntp:// URIs.... Read more

    Affected Products : internet_explorer
    • Published: Jun. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-3510

    The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a cra... Read more

    Affected Products : openssl
    • Published: Aug. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-2546

    Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message... Read more

    Affected Products : advanced_electron_forum
    • Published: Jul. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-2281

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allo... Read more

    Affected Products : tomatocms
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-2342

    Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.... Read more

    Affected Products : cmme
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1393

    The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a red... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2654

    Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via t... Read more

    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1373

    Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 17, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14684

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability all... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results