Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-4492

    Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.... Read more

    Affected Products : i18n
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-4567

    Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.... Read more

    Affected Products : mediawiki
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-24451

    A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : cisco_spark
    • Published: Jan. 26, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5190

    Multiple cross-site scripting (XSS) vulnerabilities in Alcatel OmniVista 4760 R4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter to php-bin/Webclient.php or (2) the Langue parameter to the default U... Read more

    Affected Products : omnivista
    • Published: Oct. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2016-1958

    browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.... Read more

    Affected Products : firefox firefox_esr linux opensuse
    • Published: Mar. 13, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5131

    Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-12432

    An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Non-member users who subscribed to issue notifications could access the title of confidential issues through the unsubscription page. It allows Information Disclosure.... Read more

    Affected Products : gitlab
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-8453

    Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to ... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5182

    Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak Scripti allows remote attackers to inject arbitrary web script or HTML via the (1) Email parameter, and possibly the (2) Ad, (3) Soyad, (4) Konu, and (5) Mesaj parameters to iletisim.as... Read more

    Affected Products : netkamp_emlak_scripti
    • Published: Oct. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5276

    Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on... Read more

    Affected Products : opera_browser
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-5417

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.... Read more

    Affected Products : websphere_application_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-5259

    Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote attackers to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unkn... Read more

    Affected Products : sysaid sysaid
    • Published: Oct. 06, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-5800

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS.... Read more

    Affected Products : jdk jre
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-12383

    Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.... Read more

    Affected Products : tor_browser
    • Published: May. 28, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-1686

    The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScr... Read more

    Affected Products : internet_explorer vbscript
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-2391

    Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the c... Read more

    Affected Products : safari
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5214

    Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as ... Read more

    Affected Products : 2100_network_camera
    • Published: Oct. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-8006

    Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title.... Read more

    Affected Products : pagetriage
    • Published: Nov. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2019-12431

    An issue was discovered in GitLab Community and Enterprise Edition 8.13 through 11.11. Restricted users could access the metadata of private milestones through the Search API. It has Improper Access Control.... Read more

    Affected Products : gitlab
    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5855

    Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) at... Read more

    Affected Products : mojarra
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293932 Results