Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2009-5017

    Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.... Read more

    Affected Products : firefox
    • Published: Nov. 12, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-22256

    VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.... Read more

    Affected Products : cloud_director
    • Published: Mar. 07, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-6131

    Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.... Read more

    Affected Products : roundup
    • Published: Apr. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-3333

    CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-6082

    Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.... Read more

    Affected Products : moinmoin
    • Published: Jan. 03, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6040

    Cross-site scripting (XSS) vulnerability in users.php in File King Advanced File Management 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    • Published: Nov. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0589

    Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.... Read more

    Affected Products : iphone_os
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3037

    The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the private key of the SIMATIC CONTROLLER Certification Authority certificate, which allows remote attackers to spoof the S7-1200 web server by using this key to create a forged certificate.... Read more

    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5491

    z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.... Read more

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4939

    Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP add... Read more

    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-9179

    An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It allows Information Exposure (issue 5 of 5).... Read more

    Affected Products : gitlab
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-0163

    Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execu... Read more

    Affected Products : thunderbird seamonkey
    • Published: Mar. 23, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-1612

    The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorr... Read more

    Affected Products : squid
    • Published: Apr. 01, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-3458

    Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.... Read more

    Affected Products : beaker
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3340

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ... Read more

    Affected Products : infosphere_guardium
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-17002

    If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70.... Read more

    Affected Products : firefox
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4007

    The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card.... Read more

    Affected Products : android mixi
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4043

    Cross-site scripting (XSS) vulnerability in global-protect/login.esp in Palo Alto Networks Global Protect Portal, Global Protect Gateway, and SSL VPN portals 3.1.x through 3.1.11 and 4.0.x through 4.0.5 allows remote attackers to inject arbitrary web scri... Read more

    • Published: Jul. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5990

    Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ... Read more

    • Published: Sep. 06, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4928

    Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.... Read more

    Affected Products : oxwall
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293414 Results