Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2010-2595

    The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ImageMagick, does not properly handle invalid ReferenceBlackWhite values, which allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that trigg... Read more

    Affected Products : libtiff
    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2722

    Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the pro... Read more

    Affected Products : lyrics_engine
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1764

    WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.... Read more

    • Published: Jun. 11, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2664

    Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via certain HTML content that has an unclosed SPAN element with absolute positioning.... Read more

    Affected Products : opera_browser
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2009-1366

    Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functional... Read more

    Affected Products : dotnetnuke
    • Published: Apr. 22, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2010-1746

    Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.... Read more

    Affected Products : joomla\! com_grid
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1755

    Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.... Read more

    Affected Products : iphone_os ipod_touch
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1803

    Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 15, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2659

    Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.... Read more

    Affected Products : mac_os_x opera_browser windows unix
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1731

    Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.... Read more

    Affected Products : chrome hero
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1729

    WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.... Read more

    Affected Products : safari windows webkit
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-4105

    Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Aug. 11, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-1711

    Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.... Read more

    Affected Products : siestta
    • Published: May. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2636

    Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.... Read more

    Affected Products : websphere_commerce
    • Published: Nov. 09, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14506

    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.... Read more

    Affected Products : clinical_collaboration_platform
    • Published: Sep. 18, 2020
    • Modified: Jun. 04, 2025

  • 4.3

    MEDIUM
    CVE-2010-2658

    Opera before 10.60 does not properly restrict certain interaction between plug-ins, file inputs, and the clipboard, which allows user-assisted remote attackers to trigger the uploading of arbitrary files via a crafted web site.... Read more

    Affected Products : opera_browser
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-2654

    Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via t... Read more

    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1703

    Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.... Read more

    Affected Products : polls_script
    • Published: May. 04, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-14684

    Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6-8.1.0. Easily exploitable vulnerability all... Read more

    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-2663

    Opera before 10.60 allows remote attackers to cause a denial of service (application hang) via an ended event handler that changes the SRC attribute of an AUDIO element.... Read more

    Affected Products : opera_browser
    • Published: Jul. 08, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293521 Results