Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2024-3127

    An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. Under certain conditions it may be possible to bypass the IP r... Read more

    Affected Products : gitlab
    • Published: Aug. 22, 2024
    • Modified: Dec. 13, 2024

  • 4.3

    MEDIUM
    CVE-2019-10333

    Missing permission checks in Jenkins ElectricFlow Plugin 1.1.5 and earlier in various HTTP endpoints allowed users with Overall/Read access to obtain information about the Jenkins ElectricFlow Plugin configuration and configuration of connected ElectricFl... Read more

    Affected Products : electricflow
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5158

    The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a fil... Read more

    Affected Products : internet_explorer
    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-10322

    A missing permission check in Jenkins Artifactory Plugin 3.2.2 and earlier in ArtifactoryBuilder.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtain... Read more

    Affected Products : artifactory
    • Published: May. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1811

    An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New".... Read more

    Affected Products : debian_linux mantisbt
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-7424

    IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and 11.5 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information by leveraging Catalogs access. IBM X-Force I... Read more

    Affected Products : infosphere_master_data_management
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10319

    A missing permission check in Jenkins PAM Authentication Plugin 1.5 and earlier, except 1.4.1 in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkin... Read more

    Affected Products : pluggable_authentication_module
    • Published: May. 21, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-10163

    A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY mes... Read more

    Affected Products : leap backports authoritative
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-6481

    Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-1855

    The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, wh... Read more

    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-5235

    Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. NOTE: the provenance of this information is unknown; the details are obtained... Read more

    Affected Products : uebimiau
    • Published: Oct. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-1885

    Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PAT... Read more

    • Published: Jan. 24, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-10332

    A missing permission check in Jenkins ElectricFlow Plugin 1.1.5 and earlier in Configuration#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials.... Read more

    Affected Products : electricflow
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-1930

    MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.... Read more

    Affected Products : fedora mantisbt
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-3374

    Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive information (user preferences and caches) via unknown vectors, r... Read more

    Affected Products : rt request_tracker
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-8122

    Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.... Read more

    Affected Products : jboss_weld
    • Published: Feb. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-1010220

    tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c... Read more

    Affected Products : tcpdump
    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-6300

    Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cr... Read more

    Affected Products : phpmyadmin opensuse
    • Published: Nov. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4445

    Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Messag... Read more

    Affected Products : hostapd
    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4230

    The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors... Read more

    Affected Products : tinymce tinymce
    • Published: Apr. 25, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294358 Results