Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-3622

    The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.... Read more

    Affected Products : fedora opensuse libtasn1
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5211

    Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks Peakflow SP 3.5.1 before patch 14, and 3.6.1 before patch 5, when scope accounts are enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors invol... Read more

    Affected Products : peakflow_sp
    • Published: Oct. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-6086

    libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary v... Read more

    Affected Products : zabbix
    • Published: Jan. 29, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-13703

    Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    Affected Products : chrome backports_sle
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-11743

    Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. This resulted in potential cross-or... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9270

    Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary web script or HTML via the "profile/Platform" field.... Read more

    Affected Products : mantisbt
    • Published: Dec. 08, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1686

    The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScr... Read more

    Affected Products : internet_explorer vbscript
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5582

    Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vecto... Read more

    Affected Products : ciscoworks_server
    • Published: Dec. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5577

    Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple un... Read more

    Affected Products : joomla\! joomla
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5624

    Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.... Read more

    Affected Products : nagios
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-5075

    Inappropriate implementation in CSP reporting in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to obtain the value of url fragments via a crafted HTML page.... Read more

    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-5276

    Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on... Read more

    Affected Products : opera_browser
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-11695

    A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on... Read more

    Affected Products : firefox
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-5040

    V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page.... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-5214

    Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as ... Read more

    Affected Products : 2100_network_camera
    • Published: Oct. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-7830

    The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application cras... Read more

    Affected Products : wireshark solaris
    • Published: Nov. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5278

    Zomplog 3.8.1 and earlier stores potentially sensitive information under the web root with insufficient access control, which allows remote attackers to download files that were uploaded by users, as demonstrated by obtaining a directory listing via a dir... Read more

    Affected Products : zomplog
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-51309

    A lack of rate limiting in the 'Email Settings' feature of PHPJabbers Car Park Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e... Read more

    Affected Products : car_park_booking_system
    • Published: Feb. 20, 2025
    • Modified: Jun. 05, 2025
    • Vuln Type: Denial of Service

  • 4.3

    MEDIUM
    CVE-2015-7941

    libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections ... Read more

    Affected Products : ubuntu_linux libxml2
    • Published: Nov. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-7519

    agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by usin... Read more

    Affected Products : passenger phusion_passenger
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293609 Results