Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2014-3365

    Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID C... Read more

    Affected Products : prime_security_manager
    • EPSS Score: %0.28
    • Published: Feb. 12, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-3431

    Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and per... Read more

    • EPSS Score: %0.04
    • Published: Jun. 21, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-0006

    The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.... Read more

    Affected Products : swift
    • EPSS Score: %0.26
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-0033

    org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted ... Read more

    Affected Products : tomcat
    • EPSS Score: %16.05
    • Published: Feb. 26, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-39404

    Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass securi... Read more

    Affected Products : commerce magento
    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 4.3

    MEDIUM
    CVE-2014-0040

    OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates... Read more

    Affected Products : openstack
    • EPSS Score: %0.26
    • Published: Jun. 02, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2023-2937

    Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severi... Read more

    Affected Products : chrome edge_chromium
    • EPSS Score: %0.13
    • Published: May. 30, 2023
    • Modified: Mar. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6169

    The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.... Read more

    Affected Products : ejabberd
    • EPSS Score: %0.44
    • Published: Oct. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-24434

    Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this v... Read more

    • EPSS Score: %0.88
    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-7436

    noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.... Read more

    Affected Products : novnc
    • EPSS Score: %0.61
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-7419

    Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter... Read more

    Affected Products : js_multi_hotel
    • EPSS Score: %0.11
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-6882

    Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated... Read more

    • EPSS Score: %7.86
    • Published: Dec. 17, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6836

    Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.... Read more

    Affected Products : gnumeric
    • EPSS Score: %1.16
    • Published: Dec. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-27775

    A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to... Read more

    • EPSS Score: %0.06
    • Published: Dec. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-27772

    A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an imp... Read more

    • EPSS Score: %0.06
    • Published: Dec. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6853

    Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored ... Read more

    Affected Products : firefox macos toolbar
    • EPSS Score: %0.30
    • Published: Jan. 26, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6785

    Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter.... Read more

    • EPSS Score: %0.50
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2020-27773

    A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This... Read more

    • EPSS Score: %0.06
    • Published: Dec. 04, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-6786

    Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypasse... Read more

    • EPSS Score: %0.27
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2013-6858

    Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.... Read more

    Affected Products : ubuntu_linux opensuse horizon
    • EPSS Score: %0.76
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292733 Results