Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2012-6713

    The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues.... Read more

    Affected Products : job_manager
    • EPSS Score: %0.19
    • Published: Aug. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-6712

    In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.78
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2012-6711

    A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print ... Read more

    Affected Products : bash enterprise_linux
    • EPSS Score: %0.11
    • Published: Jun. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-6710

    ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php.... Read more

    Affected Products : extplorer
    • EPSS Score: %6.56
    • Published: Oct. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2012-6709

    ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.... Read more

    Affected Products : links elinks
    • EPSS Score: %0.20
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-6708

    jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for th... Read more

    Affected Products : jquery
    • EPSS Score: %0.88
    • Published: Jan. 18, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-6685

    Nokogiri before 1.5.4 is vulnerable to XXE attacks... Read more

    • EPSS Score: %0.32
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-6682

    Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter.... Read more

    Affected Products : vbdownloads_module
    • EPSS Score: %0.29
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-6671

    Multiple cross-site scripting (XSS) vulnerabilities in actions/main.php in the DragonByte Technologies Forumon RPG module before 1.0.8 for vBulletin when creating a new monster, allow remote attackers to inject arbitrary web script or HTML via the (1) mon... Read more

    Affected Products : forumon_rpg_module
    • EPSS Score: %0.27
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-6670

    Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte Technologies vbActivity module before 3.0.1 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the reason parameter in (1) actions/nominatemedal.php or (2) ... Read more

    Affected Products : vbactivity_module
    • EPSS Score: %0.27
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-6668

    Multiple cross-site scripting (XSS) vulnerabilities in the Shout Reports in the DragonByte Technologies vBShout module before 6.0.6 for vBulletin allow remote attackers to inject arbitrary web script or HTML via the (1) reportreason parameter in actions/d... Read more

    Affected Products : vbshout_module
    • EPSS Score: %0.27
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-6667

    Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte Technologies vBShout module for vBulletin allows remote attackers to inject arbitrary web script or HTML via the shout parameter in a shout action.... Read more

    Affected Products : vbshout
    • EPSS Score: %0.68
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-6666

    vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter.... Read more

    Affected Products : vbseo
    • EPSS Score: %0.23
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2012-6664

    Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.... Read more

    Affected Products :
    • Published: Jun. 21, 2024
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-6663

    General Electric D20ME devices are not properly configured and reveal plaintext passwords.... Read more

    Affected Products : d20me_firmware d200_firmware d20me d200
    • EPSS Score: %23.14
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 3.3

    LOW
    CVE-2012-6655

    An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.... Read more

    • EPSS Score: %0.03
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-6652

    Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.... Read more

    Affected Products : page_flip_book
    • EPSS Score: %2.26
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-6649

    WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload.... Read more

    Affected Products : wp_gpx_maps
    • EPSS Score: %44.94
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2012-6639

    An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.... Read more

    • EPSS Score: %1.20
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2012-6614

    D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password.... Read more

    Affected Products : dsr-250n_firmware dsr-250n
    • EPSS Score: %8.06
    • Published: Feb. 19, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291647 Results