Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2011-0697

    Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.... Read more

    Affected Products : django
    • Published: Feb. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-13437

    The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroom_Settings' page. This makes it possible for unauthenticated a... Read more

    Affected Products : book_a_room
    • Published: Feb. 12, 2025
    • Modified: Feb. 25, 2025
    • Vuln Type: Cross-Site Request Forgery

  • 4.3

    MEDIUM
    CVE-2011-0767

    Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalle... Read more

    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3063

    Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : chrome
    • Published: Mar. 30, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2023-22021

    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged atta... Read more

    Affected Products : business_intelligence
    • Published: Jul. 18, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-1330

    Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : weblygo
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-15792

    A vulnerability has been identified in Desigo Insight (All versions). The web service does not properly apply input validation for some query parameters in a reserved area. This could allow an authenticated attacker to retrieve data via a content-based bl... Read more

    Affected Products : desigo_insight
    • Published: Oct. 15, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-2694

    actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows... Read more

    Affected Products : rails ruby_on_rails actionpack
    • Published: Jun. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2022-0812

    An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 29, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2021-39943

    An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the ... Read more

    Affected Products : gitlab
    • Published: Feb. 09, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2010-4361

    Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from... Read more

    Affected Products : jurpopage
    • Published: Dec. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0773

    Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.... Read more

    Affected Products : pivotx
    • Published: Feb. 04, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0741

    Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) installer or (2) image editor.... Read more

    Affected Products : evolution
    • Published: Feb. 02, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-0746

    Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the ... Read more

    Affected Products : o2_dsl_router_classic
    • Published: Apr. 13, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2024-1162

    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible fo... Read more

    Affected Products : orbit_fox
    • Published: Feb. 02, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-3404

    Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site,... Read more

    • Published: Dec. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-1278

    content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document... Read more

    • Published: Jul. 23, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2009-0842

    mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated... Read more

    Affected Products : mapserver mapserver
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-7488

    Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.... Read more

    Affected Products : authconfig
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2010-4388

    The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXOb... Read more

    Affected Products : realplayer realplayer_sp
    • Published: Dec. 14, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293555 Results