Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2012-3407

    plow has local buffer overflow vulnerability... Read more

    Affected Products : plow
    • EPSS Score: %0.22
    • Published: Nov. 22, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3353

    The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to versi... Read more

    Affected Products : sling_jcr_contentloader sling_i18n
    • EPSS Score: %0.32
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-3351

    Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4... Read more

    Affected Products : jw_player
    • EPSS Score: %1.68
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 6.4

    MEDIUM
    CVE-2012-3341

    IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's W... Read more

    Affected Products : infosphere_guardium
    • EPSS Score: %0.24
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2012-3340

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML external entity injection, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ... Read more

    Affected Products : infosphere_guardium
    • EPSS Score: %0.20
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2012-3338

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged use... Read more

    Affected Products : infosphere_guardium
    • EPSS Score: %0.30
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2012-3337

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to download arbitrary files on the syste... Read more

    Affected Products : infosphere_guardium
    • EPSS Score: %0.54
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2012-3336

    IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the ba... Read more

    Affected Products : linux_kernel infosphere_guardium
    • EPSS Score: %0.47
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2012-3331

    IBM Sametime allows remote attackers to obtain sensitive information from the Sametime Log database via a direct request to STLOG.NSF. IBM X-Force ID: 78048.... Read more

    Affected Products : sametime
    • EPSS Score: %0.16
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-2979

    FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server.... Read more

    Affected Products : name_server_daemon
    • EPSS Score: %0.75
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-2950

    Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.... Read more

    Affected Products : windows mapserver
    • EPSS Score: %5.38
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-2945

    Hadoop 1.0.3 contains a symlink vulnerability.... Read more

    Affected Products : hadoop
    • EPSS Score: %1.71
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2012-2931

    PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.... Read more

    Affected Products : tinywebgallery
    • EPSS Score: %0.94
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 4.4

    MEDIUM
    CVE-2012-2736

    In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.... Read more

    • EPSS Score: %0.08
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2012-2724

    The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensi... Read more

    Affected Products : simplenews
    • EPSS Score: %1.38
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-2714

    The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.... Read more

    Affected Products : browserid
    • EPSS Score: %6.66
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2012-2666

    golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.... Read more

    Affected Products : go
    • EPSS Score: %0.51
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-2656

    An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.... Read more

    Affected Products : restlet
    • EPSS Score: %1.04
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2012-2629

    Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew act... Read more

    Affected Products : axous
    • EPSS Score: %0.69
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-2593

    Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.... Read more

    Affected Products : atmail
    • EPSS Score: %11.72
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291618 Results