Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-4476

    Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute.... Read more

    Affected Products : android firefox
    • Published: Sep. 24, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2781

    Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.... Read more

    Affected Products : hotex_billing_manager
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-1388

    WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a craf... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-4050

    FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote at... Read more

    Affected Products : symfony
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-32001

    SpiceDB is a graph database purpose-built for storing and evaluating access control data. Use of a relation of the form: `relation folder: folder | folder#parent` with an arrow such as `folder->view` can cause LookupSubjects to only return the subjects fo... Read more

    Affected Products : spicedb
    • Published: Apr. 10, 2024
    • Modified: Sep. 02, 2025

  • 4.3

    MEDIUM
    CVE-2008-1008

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.... Read more

    Affected Products : safari
    • Published: Mar. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-8619

    Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : fortiweb
    • Published: May. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2008-3106

    Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier allows remote attackers to access URLs via unknown vectors involving processing of XML data by an untrusted (1)... Read more

    Affected Products : jre jdk
    • Published: Jul. 09, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0344

    Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : connect
    • Published: Jun. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-5375

    Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows re... Read more

    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-9480

    Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-0934

    Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.... Read more

    Affected Products : ejabberd
    • Published: Mar. 18, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0369

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3942

    Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-25766

    A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.... Read more

    Affected Products : azure_credentials
    • Published: Feb. 15, 2023
    • Modified: Mar. 19, 2025

  • 4.3

    MEDIUM
    CVE-2015-0381

    Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.... Read more

    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2445

    Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass."... Read more

    Affected Products : internet_explorer
    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-4322

    IBM Security Secret Server 10.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and po... Read more

    Affected Products : security_secret_server
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-4552

    Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.... Read more

    Affected Products : mybb
    • Published: Sep. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-1684

    Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Password Policy.... Read more

    Affected Products : sunos solaris
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 292797 Results