Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2023-42016

    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a us... Read more

    Affected Products : sterling_b2b_integrator
    • Published: Feb. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5888

    Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.... Read more

    • Published: Nov. 07, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-16738

    tinc 1.0.30 through 1.0.34 has a broken authentication protocol, although there is a partial mitigation. This is fixed in 1.1.... Read more

    Affected Products : debian_linux tinc starwind_virtual_san
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-6012

    Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are... Read more

    Affected Products : car_site_manager
    • Published: Nov. 21, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-44689

    e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to ... Read more

    Affected Products : e-gov
    • Published: Oct. 11, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-0740

    Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it ... Read more

    Affected Products : gitlab
    • Published: Apr. 04, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-5225

    Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2006-5859

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.... Read more

    Affected Products : coldfusion
    • Published: Feb. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5860

    Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : coldfusion jrun
    • Published: Feb. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-0998

    An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-3558

    Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is disp... Read more

    Affected Products : auracms
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-5041

    Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2006-4087

    Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained ... Read more

    Affected Products : mojogallery
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4017

    Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.... Read more

    Affected Products : g3_content_management_system
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-5652

    Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an I... Read more

    • Published: Nov. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-22935

    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.... Read more

    Affected Products : salt
    • Published: Mar. 29, 2022
    • Modified: May. 05, 2025

  • 4.3

    MEDIUM
    CVE-2015-7042

    The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-5963

    Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows user-assisted remote attackers to extract files to arbitrary pathnames via a ../ (dot dot slash) in a filename.... Read more

    Affected Products : pentasuite-pro pentazip
    • Published: Jan. 19, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2011-4353

    The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.... Read more

    Affected Products : ffmpeg libav
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2018-2901

    Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via DHCP to co... Read more

    Affected Products : solaris solaris
    • Published: Jul. 18, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293605 Results