Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2016-1955

    Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element.... Read more

    • Published: Mar. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4205

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework, a different vulnerability than CVE-2014-2491.... Read more

    Affected Products : siebel_crm
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3373

    Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCu... Read more

    Affected Products : unified_communications_manager
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-0082

    The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted cer... Read more

    Affected Products : firefox
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-3365

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID C... Read more

    Affected Products : prime_security_manager
    • Published: Feb. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4213

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote attackers to affect integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3431

    Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and per... Read more

    • Published: Jun. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4436

    IOHIDFamily in Apple OS X before 10.10 allows attackers to cause denial of service (out-of-bounds read operation) via a crafted application.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3456

    Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : gitlab
    • Published: May. 13, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6944

    Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbit... Read more

    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3653

    Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.... Read more

    Affected Products : foreman
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3779

    Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ADSelfService Plus before 5.2 Build 5202 allows remote attackers to inject arbitrary web script or HTML via the name parameter to GroupSubscription.do.... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Jan. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2393

    Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the comp... Read more

    Affected Products : open-xchange_appsuite
    • Published: Apr. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4309

    Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via t... Read more

    Affected Products : openfiler
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-3024

    The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a ... Read more

    Affected Products : io-socket-ssl
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-3797

    Cross-site scripting (XSS) vulnerability in VMware vCenter Server Appliance (vCSA) 5.1 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : vcenter_server_appliance
    • Published: Dec. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2003-1480

    MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.... Read more

    Affected Products : mysql mysql
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2020-2215

    A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.... Read more

    Affected Products : zephyr_for_jira_test_management
    • Published: Jul. 02, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-2939

    Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit.... Read more

    Affected Products : alfresco
    • Published: Jun. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4304

    Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter.... Read more

    Affected Products : sql_buddy
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293639 Results