Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-1229

    A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.... Read more

    Affected Products : office word 365_apps
    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-22114

    User with no permission to any of the Hosts can access and view host count & other statistics through System Information Widget in Global View Dashboard.... Read more

    Affected Products : zabbix
    • Published: Aug. 12, 2024
    • Modified: Dec. 04, 2024

  • 4.3

    MEDIUM
    CVE-2010-1235

    Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows remote attackers to trigger the omission of a download warning dialog via unknown vectors.... Read more

    Affected Products : chrome
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-5850

    Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)... Read more

    Affected Products : fedora debian_linux chrome edge_chromium
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1236

    The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote... Read more

    Affected Products : chrome flock
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1274

    Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.... Read more

    Affected Products : wt
    • Published: Apr. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1218

    Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 mmforum
    • Published: Mar. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1207

    Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deleti... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1193

    Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.... Read more

    Affected Products : server
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14514

    All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements.... Read more

    Affected Products : power_line_communications
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1095

    Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this ... Read more

    Affected Products : truc
    • Published: Mar. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1195

    Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.... Read more

    Affected Products : ikiwiki
    • Published: Mar. 31, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1213

    The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1091

    Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.... Read more

    Affected Products : phpmysite
    • Published: Mar. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-16201

    Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information.... Read more

    Affected Products : cncsoft_screeneditor
    • Published: Aug. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1186

    Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.... Read more

    Affected Products : wordpress nextgen_gallery
    • Published: Apr. 07, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1197

    Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote atta... Read more

    Affected Products : firefox seamonkey
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1164

    Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (... Read more

    Affected Products : jira jira_server
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1815

    Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.... Read more

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1824

    The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a ... Read more

    Affected Products : opera_browser
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293680 Results