Latest CVE Feed
-
4.3
MEDIUMCVE-2014-2018
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message contain... Read more
- Published: Feb. 17, 2014
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2021-27557
A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.... Read more
Affected Products : zentao- Published: Aug. 31, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2014-3080
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key ... Read more
- Published: Aug. 17, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2020-0884
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'.... Read more
- Published: Mar. 12, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-6516
Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more
- Published: Jul. 22, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-34751
A vulnerability in the administrative web-based GUI configuration manager of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to access sensitive configuration information. The attacker would require low privi... Read more
- Published: Nov. 15, 2024
- Modified: Aug. 07, 2025
-
4.3
MEDIUMCVE-2020-6442
Inappropriate implementation in cache in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to leak cross-origin data via a crafted HTML page.... Read more
- Published: Apr. 13, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2020-6435
Insufficient policy enforcement in extensions in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page.... Read more
- Published: Apr. 13, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2019-8769
An issue existed in the drawing of web page elements. The issue was addressed with improved logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15. Visiting a maliciously crafted website may reveal browsing history.... Read more
- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-31498
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ... Read more
Affected Products : brava\!_desktop- Published: Jun. 15, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2014-1480
The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a down... Read more
- Published: Feb. 06, 2014
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2020-5947
In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Onl... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +9 more products- Published: Nov. 19, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-34776
Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. An unauthenticated, adjacent attacker could perform the following: Execute code on the affected device or cause i... Read more
Affected Products : business_220-8t-e-2g_firmware business_220-8p-e-2g_firmware business_220-8fp-e-2g_firmware business_220-16t-2g_firmware business_220-16p-2g_firmware business_220-24t-4g_firmware business_220-24p-4g_firmware business_220-24fp-4g_firmware business_220-48t-4g_firmware business_220-48p-4g_firmware +22 more products- Published: Oct. 06, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2014-0623
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" issue.... Read more
- Published: Mar. 27, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2017-15418
Use of uninitialized memory in Skia in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation chrome- Published: Aug. 28, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-30589
Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.... Read more
- Published: Aug. 03, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-33510
Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file.... Read more
Affected Products : plone- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-14595
In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state.... Read more
Affected Products : joomla\!- Published: Sep. 20, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2021-30538
Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.... Read more
- Published: Jun. 07, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2012-1062
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4... Read more
- Published: Feb. 14, 2012
- Modified: Apr. 11, 2025