Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2012-2570

    Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart Gold 4.5 allows remote attackers to inject arbitrary web script or HTML via the symb parameter.... Read more

    Affected Products : x-cart
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0849

    Integer overflow in the ff_j2k_dwt_init function in libavcodec/j2k_dwt.c in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted JPEG2000 image that triggers an incorrect check f... Read more

    Affected Products : ffmpeg
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2495

    The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote at... Read more

    • Published: Jun. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0834

    Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.... Read more

    Affected Products : phpldapadmin phpldapadmin
    • Published: Feb. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-2382

    Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attri... Read more

    Affected Products : internet_explorer ie
    • Published: Jun. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-2536

    Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerabil... Read more

    • Published: Sep. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0873

    Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode paramete... Read more

    Affected Products : dolphin
    • Published: Feb. 23, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0899

    Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter.... Read more

    Affected Products : annuaire_php
    • Published: Jan. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-0903

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.... Read more

    Affected Products : zimbra_desktop
    • Published: Jan. 20, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1005

    Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using (1) Blog/MyFirstBlog.txt or (2) Blog... Read more

    Affected Products : mobile_web_server
    • Published: Feb. 07, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-3619

    A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recomm... Read more

    Affected Products : linux_kernel
    • Published: Oct. 20, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1664

    Multiple cross-site scripting (XSS) vulnerabilities in the admin panel in osCMax before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in a process action to admin/login.php; (2) pageTitle, (3) current_p... Read more

    Affected Products : oscmax
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-48232

    Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is pre... Read more

    Affected Products : fedora vim
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-0009

    Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before 4.0.0rc4 uses the MD5 algorithm for password hashes, which makes it easier for context-dependent attackers to determine cleartext passwords via a brute-force attack on the database.... Read more

    Affected Products : rt request_tracker
    • Published: Jan. 25, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1788

    Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi in WonderDesk SQL 4.14 allow remote attackers to inject arbitrary web script or HTML via the (1) cus_email parameter in a cust_lostpw action; or (2) help_name, (3) help_email, (4) help_... Read more

    Affected Products : wonderdesk_sql
    • Published: Mar. 19, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-1193

    Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances... Read more

    Affected Products : gitlab
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-1110

    Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8... Read more

    Affected Products : etano
    • Published: Sep. 06, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1646

    Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_q... Read more

    Affected Products : faq
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1245

    Cross-site scripting (XSS) vulnerability in the cleanup_urls function in forum/utils/html.py in OSQA before 1234, and 0.9.0 Beta 3 and earlier, allows remote attackers to inject arbitrary web script or HTML via vectors related to a crafted URI.... Read more

    Affected Products : osqa
    • Published: Apr. 27, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2012-1634

    Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.... Read more

    Affected Products : drupal video_filter
    • Published: Oct. 06, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293436 Results