Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-0664

    The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0668

    Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.... Read more

    Affected Products : webex_meetings_server
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0690

    Cross-site scripting (XSS) vulnerability in the HTML help system on Cisco Wireless LAN Controller (WLC) devices before 8.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCun95178.... Read more

    Affected Products : wireless_lan_controller_software
    • Published: Apr. 07, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-0869

    Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : fex
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-32102

    Cross-Site Request Forgery (CSRF) vulnerability in Scott Kingsley Clark Crony Cronjob Manager.This issue affects Crony Cronjob Manager: from n/a through 0.5.0. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4547

    Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.... Read more

    Affected Products : awstats
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-5943

    SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5144

    Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an... Read more

    Affected Products : ubuntu_linux debian_linux solaris django
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5916

    The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.... Read more

    Affected Products : iphone_os watchos
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-0012

    Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet... Read more

    Affected Products : jre
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2005-0616

    Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (... Read more

    Affected Products : postnuke_phoenix
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-2220

    Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admi... Read more

    Affected Products : ninja_forms
    • Published: Mar. 05, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2029

    Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5051

    IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access rest... Read more

    • Published: Jan. 03, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0779

    Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecifi... Read more

    Affected Products : websphere_application_server
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2005-0842

    Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.... Read more

    Affected Products : esupport
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2015-5178

    The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a c... Read more

    • Published: Oct. 27, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-6529

    Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.... Read more

    • Published: Jul. 22, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-6303

    The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug... Read more

    Affected Products : spark
    • Published: Sep. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2005-0219

    Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slid... Read more

    Affected Products : gallery
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293684 Results