Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2011-3618

    atop: symlink attack possible due to insecure tempfile handling... Read more

    Affected Products : debian_linux atop
    • EPSS Score: %0.11
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2011-3617

    Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.... Read more

    Affected Products : debian_linux tahoe-lafs
    • EPSS Score: %0.28
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3614

    An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.... Read more

    Affected Products : vanilla
    • EPSS Score: %1.02
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-3613

    An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.... Read more

    Affected Products : vanilla
    • EPSS Score: %0.74
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2011-3612

    Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.... Read more

    Affected Products : usebb
    • EPSS Score: %0.40
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2011-3611

    A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.... Read more

    Affected Products : usebb
    • EPSS Score: %1.98
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3610

    A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.... Read more

    Affected Products : serendipity_event_freetag
    • EPSS Score: %0.35
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2011-3609

    A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized inf... Read more

    Affected Products : jboss_application_server
    • EPSS Score: %0.51
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2011-3606

    A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege,... Read more

    Affected Products : jboss_application_server
    • EPSS Score: %0.40
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-3600

    The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used ... Read more

    Affected Products : ofbiz
    • EPSS Score: %3.91
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-3596

    Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.... Read more

    Affected Products : debian_linux polipo
    • EPSS Score: %13.88
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2011-3595

    Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.03
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2011-3585

    Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.... Read more

    Affected Products : enterprise_linux samba
    • EPSS Score: %0.55
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3584

    The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.... Read more

    Affected Products : wec_discussion_forum
    • EPSS Score: %0.47
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-3583

    It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the ... Read more

    Affected Products : typo3
    • EPSS Score: %0.47
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2011-3582

    A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions.... Read more

    Affected Products : advanced_electron_forums
    • EPSS Score: %0.14
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-3477

    GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via un... Read more

    • EPSS Score: %0.06
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2011-3374

    It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.... Read more

    Affected Products : debian_linux advanced_package_tool
    • EPSS Score: %1.51
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3373

    Drupal Views Builk Operations (VBO) module 6.x-1.0 through 6.x-1.10 does not properly escape the vocabulary help when the vocabulary has had user tagging enabled and the "Modify node taxonomy terms" action is used. A remote attacker could provide a specia... Read more

    Affected Products : views_builk_operations
    • EPSS Score: %0.59
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-3370

    statusnet before 0.9.9 has XSS... Read more

    Affected Products : statusnet
    • EPSS Score: %0.31
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results