Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2022-31745

    If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox < 101.... Read more

    Affected Products : firefox
    • Published: Dec. 22, 2022
    • Modified: Apr. 15, 2025

  • 4.3

    MEDIUM
    CVE-2011-1819

    Google Chrome before 12.0.742.91 allows remote attackers to perform unspecified injection into a chrome:// page via vectors related to extensions.... Read more

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-18511

    Cross-origin images can be read from a canvas element in violation of the same-origin policy using the transferFromImageBitmap method. *Note: This only affects Firefox 65. Previous versions are unaffected.*. This vulnerability affects Firefox < 65.0.1.... Read more

    Affected Products : firefox
    • Published: Apr. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2018-18585

    chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).... Read more

    • Published: Oct. 23, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3393

    The Clientless SSL VPN portal customization framework in Cisco ASA Software 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.14), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), and 9.2 before 9.2(2.4) does not properly imple... Read more

    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-2325

    Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL in... Read more

    Affected Products : websphere_application_server zos
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-17857

    An issue was discovered in Joomla! before 3.8.13. Inadequate checks on the tags search fields can lead to an access level violation.... Read more

    Affected Products : joomla\!
    • Published: Oct. 09, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6434

    The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE s... Read more

    Affected Products : enterprise_virtualization_manager
    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1570

    The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of rev... Read more

    Affected Products : maradns
    • Published: Mar. 28, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1896

    Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulne... Read more

    Affected Products : forefront_unified_access_gateway
    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-14628

    An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.... Read more

    Affected Products : fedora samba
    • Published: Jan. 17, 2023
    • Modified: Jan. 22, 2025

  • 4.3

    MEDIUM
    CVE-2011-1077

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : archiva
    • Published: Jun. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-3438

    Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : endpoint_protection_manager
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-2301

    Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element.... Read more

    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5863

    Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect integrity via vectors related to IPS repository daemon.... Read more

    Affected Products : solaris sunos
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-5911

    Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter.... Read more

    Affected Products : securitycenter
    • Published: Sep. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1361

    Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) feature of Cisco Unified Communications Manager (CUCM) is enabled, allows remote attackers to obtain sensitive crosstalk information by listening during a PSTN call, aka Bug ID CSCtx77750.... Read more

    Affected Products : ios
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2543

    Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incor... Read more

    Affected Products : cacti
    • Published: Aug. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-3555

    Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.... Read more

    Affected Products : moodle
    • Published: Jul. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1600

    Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.... Read more

    Affected Products : opensuse phppgadmin
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293612 Results