Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-0634

    Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310.... Read more

    Affected Products : webex_meetings_server
    • Published: May. 15, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-4639

    The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-2588

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology.... Read more

    Affected Products : peoplesoft_products
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3780

    The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2398

    Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2489

    Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Elevation of Privilege Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-32108

    Cross-Site Request Forgery (CSRF) vulnerability in Stephanie Leary Convert Post Types.This issue affects Convert Post Types: from n/a through 1.4. ... Read more

    Affected Products :
    • Published: Apr. 11, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-4554

    functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.... Read more

    Affected Products : squirrelmail change_passwd
    • Published: Jul. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-0664

    The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: Mar. 18, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2711

    Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Refe... Read more

    Affected Products : firefox opensuse
    • Published: May. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-2414

    Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2020-5781

    In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for ... Read more

    Affected Products : helios_glinq
    • Published: Sep. 23, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-0668

    Cross-site scripting (XSS) vulnerability in the administration portal in Cisco WebEx Meetings Server 2.5 and 2.5.99.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq66737.... Read more

    Affected Products : webex_meetings_server
    • Published: Mar. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3282

    vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network.... Read more

    Affected Products : openafs
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-22931

    In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default... Read more

    Affected Products : splunk splunk_cloud_platform
    • Published: Feb. 14, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2024-34995

    svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request.... Read more

    Affected Products :
    • Published: May. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-3725

    MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.... Read more

    Affected Products : iphone_os
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2012-0869

    Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : fex
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-2587

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect integrity via vectors related to SWSE Server Infrastructure.... Read more

    Affected Products : siebel_crm
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-3273

    mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveragi... Read more

    Affected Products : moodle
    • Published: Feb. 22, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293605 Results