Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.5

    LOW
    CVE-2012-4587

    McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by sp... Read more

    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1417

    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.... Read more

    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2024-22438

    A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820 Network switches. The vulnerability could be remotely exploited to allow execution of malicious code. ... Read more

    Affected Products :
    • Published: Apr. 15, 2024
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2012-1679

    Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.... Read more

    Affected Products : financial_services_software
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1344

    Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID ... Read more

    Affected Products : ios
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3870

    Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter.... Read more

    Affected Products : openconstructor
    • Published: Dec. 28, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1370

    Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.... Read more

    Affected Products : anyconnect_secure_mobility_client
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1982

    Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action.... Read more

    Affected Products : socialcms
    • Published: Apr. 05, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-1588

    Algorithmic complexity vulnerability in the _filter_url function in the text filtering system (modules/filter/filter.module) in Drupal 7.x before 7.14 allows remote authenticated users with certain roles to cause a denial of service (CPU consumption) via ... Read more

    Affected Products : drupal
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2011-5030

    Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names ... Read more

    Affected Products : drupal meta_tags_quick
    • Published: Dec. 29, 2011
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5529

    TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.... Read more

    Affected Products : firebird firebird
    • Published: Nov. 20, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-4303

    Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content Server.... Read more

    Affected Products : fusion_middleware
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5761

    Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : netezza
    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-2604

    Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML... Read more

    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3924

    The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP ove... Read more

    Affected Products : ios
    • Published: Sep. 16, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-5539

    The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting... Read more

    Affected Products : drupal organic_groups organic_groups
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2012-3268

    Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing ... Read more

    • Published: Feb. 01, 2013
    • Modified: Apr. 11, 2025

  • 3.5

    LOW
    CVE-2008-3741

    The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 trusts the MIME type sent by a web browser, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading files containing arbitrary web script or HTM... Read more

    Affected Products : drupal
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2008-3874

    Cross-site scripting (XSS) vulnerability in account.php in Lussumo Vanilla 1.1.5-rc1, 1.1.4, and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Value field (aka Label ==> Value pairs). NOTE: some of these details... Read more

    Affected Products : vanilla
    • Published: Aug. 29, 2008
    • Modified: Apr. 09, 2025

  • 3.5

    LOW
    CVE-2024-10214

    Mattermost versions 9.11.X <= 9.11.1, 9.5.x <= 9.5.9 icorrectly issues two sessions when using desktop SSO - one in the browser and one in desktop with incorrect settings.... Read more

    Affected Products : mattermost_server mattermost
    • Published: Oct. 28, 2024
    • Modified: Nov. 05, 2024
Showing 20 of 294690 Results