Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2021-1592

    A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for esta... Read more

    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21189

    Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-47037

    We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.  Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail value... Read more

    Affected Products : airflow
    • Published: Nov. 12, 2023
    • Modified: Feb. 13, 2025

  • 4.3

    MEDIUM
    CVE-2021-21183

    Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21187

    Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-7428

    ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.... Read more

    Affected Products : ntp
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2005-0317

    Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.... Read more

    Affected Products : webadmin
    • Published: Jan. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-5849

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.... Read more

    Affected Products : jdk jre jre jdk
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-7429

    NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the ... Read more

    Affected Products : ntp
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-21185

    Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4388

    The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection ... Read more

    Affected Products : ubuntu_linux debian_linux php
    • Published: Sep. 07, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4099

    The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065.... Read more

    Affected Products : nx-os nx-os
    • Published: Oct. 14, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3986

    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attack... Read more

    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3546

    org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placi... Read more

    Affected Products : tomcat
    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-0645

    Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.... Read more

    Affected Products : cutenews
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2012-2667

    Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."... Read more

    Affected Products : symfony
    • Published: Jun. 07, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2520

    Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, ... Read more

    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2417

    PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key... Read more

    Affected Products : pycrypto
    • Published: Jun. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-0777

    Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile.... Read more

    Affected Products : photopost_php_pro
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2021-21228

    Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293508 Results