Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-4070

    Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."... Read more

    Affected Products : lync_server
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-2907

    The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a craf... Read more

    Affected Products : wireshark
    • Published: Apr. 24, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-2597

    The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x through 1.4.7, and 1.6.0 allows remote attackers to cause a denial of service (infinite loop) via malformed packets.... Read more

    Affected Products : wireshark
    • Published: Jul. 07, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2983

    Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Aug. 18, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-1626

    The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in PDFium in Google Chrome before 48.0.2564.109, miscalculates a certain layer index value, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PD... Read more

    Affected Products : debian_linux chrome opensuse
    • Published: Feb. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-2938

    Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.... Read more

    Affected Products : mantisbt
    • Published: Sep. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2021-21187

    Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21183

    Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-3146

    Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme to the clean_html function.... Read more

    Affected Products : lxml
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-2449

    Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attacker... Read more

    Affected Products : tomcat
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2024-47159

    In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project... Read more

    Affected Products : youtrack
    • Published: Sep. 19, 2024
    • Modified: Sep. 24, 2024

  • 4.3

    MEDIUM
    CVE-2014-6559

    Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.... Read more

    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-4237

    CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks Common Services 4.0, as used in Cisco Prime LAN Management Solution and other products, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks ... Read more

    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2016-4620

    The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-1664

    The HistoryController::UpdateForCommit function in content/renderer/history_controller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to ... Read more

    • Published: May. 14, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-1948

    Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : plone
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-5466

    Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : splunk
    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-6189

    Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.... Read more

    Affected Products : sogo
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-6610

    A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 11, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-4696

    Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 allows man-in-the-middle attackers to create arbitrary files via a .. (dot dot) in the filesignature in a GetPhotoStatus request.... Read more

    Affected Products : eye-fi_helper
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294282 Results