Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-6148

    Cross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: Jul. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-6149

    Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system... Read more

    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-2379

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT.... Read more

    Affected Products : financial_services_software
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4278

    The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: thi... Read more

    Affected Products : nova compute
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-0814

    The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messag... Read more

    Affected Products : openssh
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-1840

    The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for... Read more

    Affected Products : glance swift glance folsom essex s3_store
    • Published: Mar. 22, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2010-3089

    Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field.... Read more

    Affected Products : mailman
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4261

    OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as de... Read more

    Affected Products : openstack folsom grizzly
    • Published: Oct. 29, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2014-1992

    Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2013-4255

    The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier does not properly handle attributes in a (1) PREEMPT, (2) SUSPEND, (3) CONTINUE, (4) WANT_VACATE, or (5) KILL policy that evaluate to an Unconfigured, Undefined, or Error state, which all... Read more

    Affected Products : condor enterprise_mrg
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-4698

    Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to obtain sensitive e-mail content intended for different persons in opportunistic circumstances by reading Subject header lines within the user's own mailbox.... Read more

    Affected Products : mailwise
    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2013-3812

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.... Read more

    • Published: Jul. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-0904

    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a de... Read more

    Affected Products : vino
    • Published: May. 10, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2015-1558

    Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer c... Read more

    Affected Products : asterisk open_source
    • Published: Feb. 09, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2014-8987

    Cross-site scripting (XSS) vulnerability in the "set configuration" box in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via the config_option pa... Read more

    Affected Products : mantisbt
    • Published: Aug. 24, 2015
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2012-3179

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Tree Manager.... Read more

    Affected Products : peoplesoft_products
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2604

    Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML... Read more

    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2009-3629

    Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via un... Read more

    Affected Products : typo3
    • Published: Nov. 02, 2009
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2012-1344

    Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID ... Read more

    Affected Products : ios
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1417

    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.... Read more

    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294070 Results