Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2013-1857

    The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in... Read more

    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-2611

    Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    Affected Products : android fedora chrome edge_chromium
    • Published: Aug. 12, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-6954

    Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.... Read more

    Affected Products : flock
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2019-13719

    Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page.... Read more

    Affected Products : chrome backports_sle
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2006-5652

    Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an I... Read more

    • Published: Nov. 03, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2014-9721

    libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header.... Read more

    Affected Products : libzmq zeromq
    • Published: Jun. 03, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2022-3325

    Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an... Read more

    Affected Products : gitlab
    • Published: Oct. 17, 2022
    • Modified: May. 13, 2025

  • 4.3

    MEDIUM
    CVE-2006-6999

    attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter.... Read more

    Affected Products : deskpro
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-0138

    GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.... Read more

    Affected Products : tivoli_directory_server
    • Published: Mar. 25, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-56215

    Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0.... Read more

    Affected Products :
    • Published: Dec. 31, 2024
    • Modified: Dec. 31, 2024

  • 4.3

    MEDIUM
    CVE-2015-2239

    Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address ... Read more

    Affected Products : chrome
    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-6977

    Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.... Read more

    Affected Products : freetextbox
    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2018-0927

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Serv... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-46188

    Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins – Plugin manager and cle... Read more

    • Published: Jan. 02, 2025
    • Modified: Jan. 02, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2023-46179

    IBM Sterling Secure Proxy 6.0.3 and 6.1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to.... Read more

    Affected Products : sterling_secure_proxy
    • Published: Mar. 15, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2023-42438

    An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing.... Read more

    Affected Products : macos
    • Published: Oct. 25, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-5611

    Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.... Read more

    Affected Products : vm_virtualbox
    • Published: Oct. 25, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2015-0285

    The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the... Read more

    Affected Products : openssl
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-1711

    The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers ... Read more

    Affected Products : firefox seamonkey
    • Published: Aug. 07, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-0298

    Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.... Read more

    Affected Products : mod_cluster
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 294848 Results