Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2020-8261

    A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.... Read more

    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-5899

    The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demon... Read more

    Affected Products : php
    • Published: Nov. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2020-6331

    SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is ca... Read more

    Affected Products : 3d_visual_enterprise_viewer
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2008-4677

    autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to serv... Read more

    Affected Products : vim netrw
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2015-4494

    Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app.... Read more

    Affected Products : firefox_os
    • Published: Aug. 08, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-0420

    libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.... Read more

    Affected Products : pidgin
    • Published: Feb. 24, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-7199

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.... Read more

    Affected Products : mediawiki
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-3057

    Google V8, as used in Google Chrome before 17.0.963.83, allows remote attackers to cause a denial of service via vectors that trigger an invalid read operation.... Read more

    Affected Products : chrome
    • Published: Mar. 22, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2011-3187

    The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text i... Read more

    Affected Products : rails actionpack
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-1224

    main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an... Read more

    Affected Products : asterisk open_source
    • Published: Apr. 01, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-6391

    Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page.... Read more

    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2015-4468

    Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.... Read more

    Affected Products : libmspack libmspack
    • Published: Jun. 11, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2011-3358

    Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.p... Read more

    Affected Products : mantisbt
    • Published: Sep. 21, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2015-4260

    Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14862.... Read more

    Affected Products : hosted_collaboration_solution
    • Published: Jul. 10, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2006-1729

    Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file uplo... Read more

    • Published: Apr. 14, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2008-1476

    Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to received trackbacks.... Read more

    Affected Products : serendipity serendipity
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-1392

    Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unsp... Read more

    Affected Products : pubcookie
    • Published: Mar. 26, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2017-14369

    RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records.... Read more

    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2011-3256

    FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a dif... Read more

    Affected Products : iphone_os
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2020-5743

    Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker to access test metadata for which they don't have permission.... Read more

    Affected Products : tcexam
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293704 Results