Latest CVE Feed
-
4.3
MEDIUMCVE-2016-0308
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.... Read more
Affected Products : connections- Published: Feb. 08, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2019-13715
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.... Read more
- Published: Nov. 25, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2016-0343
IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to obtain sensitive information by reading an error message. IBM X-Force ID: 111784.... Read more
Affected Products : tririga_application_platform- Published: Feb. 21, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2015-5441
Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
- Published: Nov. 12, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0377
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecifie... Read more
Affected Products : websphere_application_server- Published: Oct. 22, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0430
Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439.... Read more
Affected Products : fusion_middleware- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2019-1030
An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To explo... Read more
- Published: Aug. 14, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2015-5375
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows re... Read more
- Published: Sep. 28, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2024-37450
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4.... Read more
Affected Products :- Published: Jan. 02, 2025
- Modified: Jan. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2016-0464
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console.... Read more
- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-7677
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEit... Read more
Affected Products : moveit_dmz- Published: Feb. 10, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-7708
Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin/categories.php.... Read more
Affected Products : 4images- Published: Oct. 05, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0497
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Web Client.... Read more
- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-1758
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.... Read more
- Published: Mar. 24, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2024-37503
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through 1.2.4.... Read more
Affected Products :- Published: Jan. 02, 2025
- Modified: Jan. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2015-7697
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.... Read more
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-2159
The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leverag... Read more
Affected Products : moodle- Published: May. 22, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2016-0706
Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenti... Read more
- Published: Feb. 25, 2016
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-7771
Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID that is encountered by an applican appli... Read more
Affected Products : applican- Published: Nov. 20, 2015
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2015-7576
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.... Read more
- Published: Feb. 16, 2016
- Modified: Apr. 12, 2025