Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2011-3552

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Ne... Read more

    Affected Products : jre jdk
    • EPSS Score: %0.97
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-4409

    The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote attacke... Read more

    Affected Products : seil\/b1
    • EPSS Score: %0.29
    • Published: Dec. 23, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-9269

    Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.... Read more

    Affected Products : debian_linux mantisbt
    • EPSS Score: %0.41
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-3634

    methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.... Read more

    Affected Products : ubuntu_linux advanced_package_tool
    • EPSS Score: %0.16
    • Published: Mar. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-0287

    Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly ... Read more

    Affected Products : internet_explorer wordpress
    • EPSS Score: %0.52
    • Published: Jan. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5951

    Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_... Read more

    Affected Products : extplorer
    • EPSS Score: %0.32
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-7078

    Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property ... Read more

    Affected Products : typo3
    • EPSS Score: %0.49
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-1380

    The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under ... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.07
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-0099

    Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.60
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-0595

    /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the gran... Read more

    • EPSS Score: %0.12
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-1772

    Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the... Read more

    Affected Products : struts xwork webwork
    • EPSS Score: %59.44
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1842

    Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.... Read more

    Affected Products : shoutbook
    • EPSS Score: %0.53
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-2151

    Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.... Read more

    Affected Products : e-pares
    • EPSS Score: %0.12
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1878

    Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : topsites
    • EPSS Score: %0.95
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-5193

    Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to ... Read more

    Affected Products : wordpress samswhois
    • EPSS Score: %0.89
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2114

    Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.... Read more

    Affected Products : pbx
    • EPSS Score: %0.16
    • Published: May. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-5256

    Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.26
    • Published: Feb. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2957

    Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.28
    • Published: Sep. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-6502

    Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a n... Read more

    Affected Products : internet_explorer
    • EPSS Score: %6.50
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0933

    Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_a... Read more

    Affected Products : acidcat_cms
    • EPSS Score: %7.79
    • Published: Jan. 29, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291384 Results