Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-6720

    libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attackers ... Read more

    Affected Products : libmikmod
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-5921

    WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5920

    The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.... Read more

    Affected Products : itunes
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-3106

    Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1)... Read more

    Affected Products : jre jdk
    • Published: Jul. 09, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6338

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RH file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caus... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-6350

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is cau... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-9480

    Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3942

    Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-1582

    Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote adm... Read more

    Affected Products : spider_facebook
    • Published: Feb. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-21228

    Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Apr. 30, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-0125

    Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-0068

    Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009,... Read more

    Affected Products : edge
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2021-21185

    Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21189

    Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-21183

    Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more

    Affected Products : fedora debian_linux chrome
    • Published: Mar. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-9700

    IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528.... Read more

    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-0033

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.... Read more

    Affected Products : edge internet_explorer
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2020-27759

    In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain cond... Read more

    Affected Products : debian_linux imagemagick
    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-3979

    An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on ... Read more

    Affected Products : gitlab
    • Published: Sep. 29, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-2988

    Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated att... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293418 Results