Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-5781

    ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Aug. 17, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-37167

    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.... Read more

    Affected Products : tuleap
    • Published: Jun. 25, 2024
    • Modified: Aug. 22, 2025

  • 4.3

    MEDIUM
    CVE-2023-50738

    A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified.... Read more

    Affected Products :
    • Published: Jan. 17, 2025
    • Modified: Jan. 17, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2019-11754

    When the pointer lock is enabled by a website though requestPointerLock(), no user notification is given. This could allow a malicious website to hijack the mouse pointer and confuse users. This vulnerability affects Firefox < 69.0.1.... Read more

    Affected Products : firefox
    • Published: Sep. 27, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5266

    Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name f... Read more

    Affected Products : libpng
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-12938

    The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.... Read more

    Affected Products : poste.io
    • Published: Jun. 24, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-2730

    Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which make... Read more

    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-50769

    Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturi... Read more

    Affected Products : nexus_platform
    • Published: Dec. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-2576

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules a... Read more

    Affected Products : gitlab
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-2270

    lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows rem... Read more

    Affected Products : moodle
    • Published: Jun. 01, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5571

    Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the... Read more

    • Published: Sep. 22, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4407

    IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5824

    The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informati... Read more

    Affected Products : mac_os_x iphone_os watchos
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5575

    Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum ... Read more

    Affected Products : 1024_cms
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-2053

    The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacki... Read more

    Affected Products : mcafee_agent
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-4830

    Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter.... Read more

    Affected Products : directadmin
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-1695

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.... Read more

    Affected Products : otrs
    • Published: Mar. 01, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2007-5624

    Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.... Read more

    Affected Products : nagios
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-1693

    The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and re... Read more

    • Published: Jun. 26, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-50762

    When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header s... Read more

    Affected Products : thunderbird debian_linux
    • Published: Dec. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293983 Results