Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-3866

    Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.... Read more

    Affected Products : firefox seamonkey
    • Published: Sep. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5462

    IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct clickjacking attacks via vectors involving FRAME elements.... Read more

    Affected Products : content_navigator
    • Published: Dec. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-2975

    Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.... Read more

    Affected Products : vx
    • Published: Jul. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5519

    Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.... Read more

    Affected Products : wireless_lan_controller
    • Published: Oct. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-2908

    Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Apr. 25, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5497

    The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (intermittent MainApp hang) via a crafted management-interf... Read more

    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5454

    IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary files via a modified URL.... Read more

    Affected Products : websphere_portal
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5449

    Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5.2.0, allows remote attackers to inject arbitrary web sc... Read more

    Affected Products : filenet_content_manager
    • Published: Dec. 04, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5438

    Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : flex_system_manager
    • Published: Dec. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5422

    The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database names via unspecified vectors.... Read more

    • Published: Dec. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-2644

    Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : systems_insight_manager
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1345

    WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.... Read more

    Affected Products : iphone_os safari
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-2210

    Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.... Read more

    Affected Products : stash_branch_parameter
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-1263

    curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName fie... Read more

    Affected Products : curl mac_os_x
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-1501

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login.... Read more

    Affected Products : e-business_suite
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1670

    The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content leve... Read more

    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1571

    Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote attackers to affect integrity via unknown vectors ... Read more

    Affected Products : jdk jre jre jdk javafx
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-3755

    Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity via vectors related to SSO Engine.... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3295

    IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors.... Read more

    Affected Products : websphere_mq
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1646

    Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or HTML via (1) invalid JSON data in a mail-sending POST req... Read more

    Affected Products : open-xchange_server
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293631 Results