Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2015-0419

    Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2013-1510.... Read more

    Affected Products : siebel_crm
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-1582

    The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended ... Read more

    Affected Products : firefox
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4633

    Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : rsa_archer_egrc
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4062

    Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."... Read more

    Affected Products : .net_framework
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4045

    The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when ... Read more

    Affected Products : asterisk open_source
    • Published: Jun. 17, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2013-5042

    Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbitrary web script or HTML via crafted Forever Frame transp... Read more

    • Published: Dec. 11, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4628

    Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x and 3.x before 3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : isilon_insightiq
    • Published: Dec. 12, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4035

    Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.... Read more

    Affected Products : advance_hotel_booking_system
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4036

    Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.... Read more

    Affected Products : impresscms
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4032

    Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.... Read more

    Affected Products : fiyo_cms
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2018-16586

    In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. If a logged in user opens it, the email could cause the browser to load external image or C... Read more

    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2013-5029

    phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.... Read more

    Affected Products : phpmyadmin opensuse
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2010-0182

    The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows atta... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-4033

    Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.... Read more

    Affected Products : efront
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4037

    Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinput... Read more

    Affected Products : fckeditor
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2014-4023

    Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM, APM, ASM, GTM, and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4, AAM 11.4.0 before 11.6.0, AFM and PEM 11.3.0 before 11.6.... Read more

    • Published: Oct. 28, 2014
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2024-29056

    Windows Authentication Elevation of Privilege Vulnerability... Read more

    • Published: Apr. 09, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2014-100034

    Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : arcticdesk
    • Published: Jan. 13, 2015
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2010-4665

    Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a direct... Read more

    Affected Products : libtiff
    • Published: May. 03, 2011
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2014-3988

    Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file.... Read more

    Affected Products : kcfinder
    • Published: Dec. 03, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293522 Results