Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-3478

    Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) su... Read more

    Affected Products : libgd gdlib
    • Published: Jun. 28, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-17183

    Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an integer overflow vulnerability. Due to i... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1609

    Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be relat... Read more

    Affected Products : application_server
    • Published: Mar. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3386

    Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to... Read more

    Affected Products : tomcat
    • Published: Aug. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2008-2612

    Unspecified vulnerability in the Hyperion BI Plus component in Oracle Application Server 8.3.2.4, 8.5.0.3, 9.2.0.3, 9.2.1.0, and 9.3.1.0 has unknown impact and remote attack vectors.... Read more

    • Published: Jul. 15, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2013-0083

    Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."... Read more

    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2008-1003

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.do... Read more

    Affected Products : safari
    • Published: Mar. 19, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2017-1570

    IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 131852.... Read more

    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-18890

    An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.... Read more

    Affected Products : mattermost_server
    • Published: Jun. 19, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-0774

    Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified ... Read more

    • Published: Feb. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-2718

    Cross-site scripting (XSS) vulnerability in the WebMail system in Stalker CommuniGate Pro 5.1.8 and earlier, when using Microsoft Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via crafted STYLE tags.... Read more

    Affected Products : internet_explorer communigate_pro
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-1258

    Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.... Read more

    Affected Products : phpmyadmin
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2013-0967

    CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2007-6343

    Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : openview_network_node_manager
    • Published: Dec. 13, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5947

    The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote att... Read more

    Affected Products : firefox seamonkey
    • Published: Nov. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-23884

    Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the... Read more

    Affected Products : content_security_reporter
    • Published: Apr. 15, 2021
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5803

    Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in Nagios before 2.12 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-5624 and CVE-2008-1360.... Read more

    Affected Products : nagios
    • Published: May. 13, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3385

    Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote att... Read more

    Affected Products : tomcat
    • Published: Aug. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-3227

    Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.... Read more

    Affected Products : rails
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2021-22254

    Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability affects GitLab CE/EE 13.1 and later through 14.1.2, 14.0.7 and 13.12.9.... Read more

    Affected Products : gitlab
    • Published: Aug. 20, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293628 Results