Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2012-4030

    Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %0.53
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-4029

    Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.... Read more

    Affected Products : chamilo
    • EPSS Score: %0.53
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3824

    In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.... Read more

    Affected Products : campaign_enterprise
    • EPSS Score: %0.64
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3823

    Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.... Read more

    Affected Products : campaign_enterprise
    • EPSS Score: %0.28
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3822

    Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials.... Read more

    Affected Products : campaign_enterprise
    • EPSS Score: %1.30
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-3821

    A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field.... Read more

    Affected Products : campaign_enterprise
    • EPSS Score: %0.39
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3810

    Samsung Kies before 2.5.0.12094_27_11 has registry modification.... Read more

    Affected Products : kies
    • EPSS Score: %25.87
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3809

    Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.... Read more

    Affected Products : kies
    • EPSS Score: %25.87
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3808

    Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.... Read more

    Affected Products : kies
    • EPSS Score: %25.87
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-3807

    Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.... Read more

    Affected Products : kies
    • EPSS Score: %34.86
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3806

    Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.... Read more

    Affected Products : kies
    • EPSS Score: %2.37
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3543

    mono 2.10.x ASP.NET Web Form Hash collision DoS... Read more

    Affected Products : ubuntu_linux debian_linux mono
    • EPSS Score: %1.15
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-3536

    Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a lis... Read more

    Affected Products : hupa
    • EPSS Score: %1.35
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2012-3490

    The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of set... Read more

    Affected Products : htcondor
    • EPSS Score: %2.63
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2012-3462

    A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.... Read more

    Affected Products : sssd
    • EPSS Score: %0.33
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-3460

    cumin: At installation postgresql database user created without password... Read more

    • EPSS Score: %0.39
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2012-3409

    ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation... Read more

    Affected Products : debian_linux ecryptfs-utils
    • EPSS Score: %0.08
    • Published: Dec. 20, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2012-3407

    plow has local buffer overflow vulnerability... Read more

    Affected Products : plow
    • EPSS Score: %0.22
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3353

    The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to versi... Read more

    Affected Products : sling_jcr_contentloader sling_i18n
    • EPSS Score: %0.32
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-3351

    Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4... Read more

    Affected Products : jw_player
    • EPSS Score: %1.68
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results