Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-50876

    Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through 4.7.3.... Read more

    Affected Products :
    • Published: Dec. 09, 2024
    • Modified: Dec. 09, 2024

  • 4.3

    MEDIUM
    CVE-2011-1209

    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services request ... Read more

    Affected Products : websphere_application_server
    • Published: May. 04, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-18461

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.3 when a sub group epic is added to a public group. It has Incorrect Access Control.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1280

    The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, wh... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-18449

    An issue was discovered in GitLab Community and Enterprise Edition before 12.4 in the autocomplete feature. It has Insecure Permissions (issue 2 of 2).... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1308

    Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecif... Read more

    Affected Products : websphere_application_server
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-18453

    An issue was discovered in GitLab Community and Enterprise Edition 11.6 through 12.4 in the add comments via email feature. It has Insecure Permissions.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-18462

    An issue was discovered in GitLab Community and Enterprise Edition 11.3 through 12.4. It has Insecure Permissions.... Read more

    Affected Products : gitlab
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-28208

    A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM.... Read more

    Affected Products : macos iphone_os ipad_os ipados
    • Published: Sep. 06, 2023
    • Modified: Dec. 12, 2024

  • 4.3

    MEDIUM
    CVE-2011-1810

    The Cascading Style Sheets (CSS) implementation in Google Chrome before 12.0.742.91 does not properly restrict access to the visit history, which allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1811

    Google Chrome before 12.0.742.91 does not properly handle a large number of form submissions, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors.... Read more

    Affected Products : chrome
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1937

    Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.... Read more

    Affected Products : webmin
    • Published: May. 31, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2083

    Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rt request_tracker
    • Published: Jun. 04, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1693

    The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and re... Read more

    • Published: Jun. 26, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0438

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre jre jdk
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2192

    The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI r... Read more

    • Published: Jul. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2381

    CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attach... Read more

    Affected Products : bugzilla
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5668

    FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.... Read more

    Affected Products : freetype
    • Published: Jan. 24, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0207

    Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prot, (2) host, (3) path, (4) name, (5) ext, (6) size, (7) search_days, or (8) show_page parameter... Read more

    Affected Products : pro_search
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-0205

    Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no... Read more

    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293353 Results