Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-5093

    Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related to Global Spec Management.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4580

    Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors re... Read more

    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5105

    Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.... Read more

    Affected Products : sqlitemanager
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-1956

    The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic.... Read more

    Affected Products : wireshark
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5104

    Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in UBB.threads 7.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the Loginname parameter.... Read more

    Affected Products : ubb.threads
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5103

    Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message parameter.... Read more

    Affected Products : gelinsguestbook
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4596

    Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 and 7.0.1 allows remote authenticated users to bypass intended access restrictions and download arbitrary files via a crafted URL.... Read more

    Affected Products : email_gateway
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5187

    The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.... Read more

    Affected Products : weathernews_touch
    • Published: Feb. 06, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-22256

    VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.... Read more

    Affected Products : cloud_director
    • Published: Mar. 07, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-5491

    z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.... Read more

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-4679

    Cross-site scripting (XSS) vulnerability in admin/login.php in Newscoop before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the f_user_name parameter.... Read more

    Affected Products : newscoop
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5455

    Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."... Read more

    Affected Products : joomla\!
    • Published: Oct. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5470

    libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.... Read more

    Affected Products : vlc_media_player
    • Published: Oct. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5500

    The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.... Read more

    Affected Products : plone
    • Published: Nov. 03, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5494

    Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."... Read more

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-5531

    Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Jan. 18, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5541

    Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitte... Read more

    Affected Products : drupal twitter_pull
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5507

    AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.... Read more

    Affected Products : plone zope
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2021-30152

    An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When using the MediaWiki API to "protect" a page, a user is currently able to protect to a higher level than they currently have permissions for.... Read more

    Affected Products : fedora debian_linux mediawiki
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-4543

    Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to th... Read more

    Affected Products : certificate_system
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293680 Results