Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-2795

    Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross-frame function leak."... Read more

    Affected Products : chrome
    • Published: Aug. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6658

    Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from... Read more

    Affected Products : spiceworks
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0421

    Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a ... Read more

    Affected Products : pango
    • Published: Mar. 18, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1896

    mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling... Read more

    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6043

    Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.... Read more

    Affected Products : phpfusion php-fusion
    • Published: Nov. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0001

    The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser ... Read more

    • Published: Jan. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3001

    Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Sep. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-1879

    Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."... Read more

    Affected Products : activemq
    • Published: Jul. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-5314

    Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photosh... Read more

    Affected Products : clamav
    • Published: Dec. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-8578

    An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-5432

    Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).... Read more

    Affected Products : moodle
    • Published: Dec. 11, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-1228

    Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280.... Read more

    Affected Products : jabber
    • Published: Sep. 06, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2017-5017

    Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2007-6637

    Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE:... Read more

    Affected Products : flash_player
    • Published: Jan. 04, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-2247

    Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to artefact/file/ and a crafted SVG file.... Read more

    Affected Products : mahara
    • Published: Nov. 24, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5889

    Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3 powermail powermail
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0576

    Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02 allows remote attackers to inject arbitrary web script or H... Read more

    Affected Products : tivoli_monitoring
    • Published: May. 28, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-0459

    Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D.... Read more

    Affected Products : ubuntu_linux debian_linux jdk jre
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-2304

    The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an entity access module, does not check permissions when searching for entities, which allows remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : drupal linkit
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-0240

    /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."... Read more

    Affected Products : java_system_identity_manager
    • Published: Jan. 11, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294470 Results