Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2011-4558

    Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters.... Read more

    Affected Products : tiki
    • EPSS Score: %3.40
    • Published: Jan. 27, 2020
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2011-4538

    Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.... Read more

    Affected Products : c734_firmware c736_firmware w850_firmware c540 c543 c544 c546 e260 e460 e462 +56 more products
    • EPSS Score: %0.23
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-4455

    Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.... Read more

    Affected Products : tiki
    • EPSS Score: %0.31
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-4454

    Multiple cross-site scripting vulnerabilities in Tiki 8.0 RC1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-remind_password.php, (2) tiki-index.php, (3) tiki-login_scr.php, or (4) tiki-index.... Read more

    Affected Products : tiki
    • EPSS Score: %0.31
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2011-4350

    Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.... Read more

    Affected Products : debian_linux yaws
    • EPSS Score: %25.88
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2011-4338

    Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password.... Read more

    Affected Products : shaman
    • EPSS Score: %0.04
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-4336

    Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.93
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4322

    websitebaker prior to and including 2.8.1 has an authentication error in backup module.... Read more

    Affected Products : websitebaker
    • EPSS Score: %0.25
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4310

    The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.23
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2011-4190

    The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remot... Read more

    • EPSS Score: %0.23
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4183

    A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16.... Read more

    Affected Products : open_build_service
    • EPSS Score: %0.37
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2011-4182

    Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1.... Read more

    Affected Products : sysconfig
    • EPSS Score: %0.57
    • Published: Jun. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4181

    A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.... Read more

    Affected Products : open_build_service
    • EPSS Score: %0.23
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-4126

    Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.... Read more

    Affected Products : calibre
    • EPSS Score: %0.47
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4125

    A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.... Read more

    Affected Products : calibre
    • EPSS Score: %0.71
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4124

    Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.... Read more

    Affected Products : calibre
    • EPSS Score: %0.61
    • Published: Oct. 27, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4121

    The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, dep... Read more

    Affected Products : ruby
    • EPSS Score: %0.10
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4120

    Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common auth... Read more

    Affected Products : linux_kernel debian_linux pam_module
    • EPSS Score: %1.48
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-4119

    caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.... Read more

    Affected Products : caml-light
    • EPSS Score: %0.53
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-4117

    The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.... Read more

    Affected Products : batch\
    • EPSS Score: %0.38
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results