Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-0850

    The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via a crafted mpg file that triggers memory corruption involving the v_off variable, probably a buffer un... Read more

    Affected Products : ffmpeg
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0765

    Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 8 and 9 for Word allow remote attackers to inject arbitrary web script or HTML via a crafted URL, related to certain .htm files in (1) template_stock and (2) template_csh directories.... Read more

    Affected Products : word windows robohelp
    • Published: Feb. 15, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3684

    Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp... Read more

    Affected Products : server_monitor
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0782

    Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parame... Read more

    Affected Products : wordpress
    • Published: Jan. 30, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0446

    Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) e... Read more

    Affected Products : rails actionpack
    • Published: Feb. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3686

    Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, ... Read more

    Affected Products : conferencemanager
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3639

    The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a ... Read more

    • Published: Nov. 30, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1429

    The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee ... Read more

    • Published: Mar. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0505

    Multiple cross-site scripting (XSS) vulnerabilities in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters.... Read more

    • Published: Jan. 31, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-1724

    A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section.... Read more

    • Published: May. 11, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2009-2055

    Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009.... Read more

    Affected Products : ios_xr
    • Actively Exploited
    • Published: Aug. 19, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-1512

    Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.... Read more

    Affected Products : vsphere
    • Published: Mar. 16, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-2940

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauth... Read more

    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-0799

    Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.... Read more

    Affected Products : moodle
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-18974

    Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.... Read more

    Affected Products : netwide_assembler
    • Published: Aug. 25, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0881

    CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.... Read more

    Affected Products : squid
    • Published: Feb. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-1241

    GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.... Read more

    Affected Products : firefox seamonkey
    • Published: Mar. 27, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5448

    Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial of service (panic) via a beacon frame with a large length value in the extended supported rates (xrates) element, which triggers an assertion error, related to net80211/ieee80211_scan_a... Read more

    Affected Products : madwifi
    • Published: Oct. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-0849

    Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check f... Read more

    Affected Products : ffmpeg
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0834

    Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.... Read more

    Affected Products : phpldapadmin phpldapadmin
    • Published: Feb. 11, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293423 Results