Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2013-0169

    The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, whic... Read more

    Affected Products : openssl openjdk polarssl
    • Published: Feb. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-1066

    Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vector... Read more

    Affected Products : drupal messaging
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-1772

    Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the... Read more

    Affected Products : struts xwork webwork
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-2236

    Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) ... Read more

    Affected Products : quagga
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-1897

    The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE... Read more

    Affected Products : 389_directory_server
    • Published: May. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-2988

    Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CV... Read more

    Affected Products : cognos_business_intelligence
    • Published: Aug. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2796

    Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.... Read more

    Affected Products : phpcas
    • Published: Aug. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4940

    The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attack... Read more

    Affected Products : python
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-2071

    java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request ... Read more

    Affected Products : tomcat
    • Published: Jun. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-2000

    The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.... Read more

    Affected Products : 050_plus
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-2465

    Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash)... Read more

    Affected Products : bind
    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 2.5

    LOW
    CVE-2024-21002

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 29, 2025

  • 2.5

    LOW
    CVE-2017-18425

    In cPanel before 66.0.2, the cpdavd_error_log file can be created with weak permissions (SEC-280).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2017-18428

    In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2016-4980

    A password generation weakness exists in xquest through 2016-06-13.... Read more

    Affected Products : enterprise_linux fedora xquest
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2024-13978

    A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereferen... Read more

    Affected Products : libtiff
    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Memory Corruption

  • 2.5

    LOW
    CVE-2016-2894

    IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 before 6.3.2.6, 6.4 before 6.4.3.3, and 7.1 before 7.1.6 allows local users to obtain sensitive retrieved data from arbitrary accounts in opportunistic circumstances by leveraging prev... Read more

    Affected Products : tivoli_storage_manager
    • Published: Jul. 03, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2016-5992

    IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.... Read more

    Affected Products : sterling_connect\
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2024-21004

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 29, 2025
Showing 20 of 293289 Results