Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-4923

    Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) createrule parameter to dnat.cgi, (2) addrule parameter to dansguardian.cgi, or (3) PATH_INFO to openvpn_u... Read more

    Affected Products : firewall
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4116

    The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by s... Read more

    Affected Products : unified_computing_system
    • Published: Oct. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3333

    CRLF injection vulnerability in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v... Read more

    • Published: May. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-0380

    Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to View Payslip.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-4329

    Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6107

    Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certific... Read more

    Affected Products : apache_axis2\/c
    • Published: Sep. 29, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-3327

    Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.... Read more

    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-3293

    Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web s... Read more

    Affected Products : websphere_application_server
    • Published: Aug. 21, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4825

    Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientCo... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-6658

    Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from... Read more

    Affected Products : spiceworks
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-6097

    File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab.... Read more

    Affected Products : cronie
    • Published: Apr. 09, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4146

    Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page.... Read more

    Affected Products : opera_browser
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4242

    Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.... Read more

    Affected Products : wordpress mf_gig_calendar
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0459

    Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or... Read more

    Affected Products : websphere_application_server
    • Published: Jan. 27, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5305

    Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.... Read more

    Affected Products : directadmin
    • Published: Oct. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-21684

    There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open re... Read more

    Affected Products : bitbucket_data_center
    • Published: Jul. 24, 2024
    • Modified: Jul. 30, 2025

  • 4.3

    MEDIUM
    CVE-2012-5163

    Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an enable_category action to index.php.... Read more

    Affected Products : osclass
    • Published: Sep. 26, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-5157

    Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.... Read more

    Affected Products : chrome
    • Published: Jan. 15, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-0538

    Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 ... Read more

    Affected Products : lotus_notes notes
    • Published: May. 01, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-4189

    Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a ta... Read more

    Affected Products : bugzilla
    • Published: Nov. 16, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294837 Results