Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2011-3923

    Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

    Affected Products: struts, jboss_enterprise_web_server
    • EPSS Score: 90.65%
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3901

    Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.

    Affected Products: android
    • EPSS Score: 0.28%
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3656

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.

    Affected Products: firefox
    • EPSS Score: 0.27%
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2011-3642

    Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a...

    Affected Products: flowplayer_flash
    • EPSS Score: 8.90%
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2011-3632

    Hardlink before 0.1.2 operates on full file system object path names, which can allow a local attacker to use this flaw to conduct symlink attacks.

    Affected Products: enterprise_linux, debian_linux, hardlink
    • EPSS Score: 0.13%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3631

    Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-cra...

    Affected Products: enterprise_linux, debian_linux, hardlink
    • EPSS Score: 4.16%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3630

    Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into...

    Affected Products: enterprise_linux, debian_linux, hardlink
    • EPSS Score: 3.12%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3629

    Joomla! core 1.7.1 allows information disclosure due to weak encryption.

    Affected Products: joomla\!
    • EPSS Score: 0.01%
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2011-3624

    Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or byp...

    Affected Products: ruby
    • EPSS Score: 0.45%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3622

    A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.

    Affected Products: phorum
    • EPSS Score: 0.24%
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3621

    A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.

    Affected Products: fluxbb
    • EPSS Score: 0.61%
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2011-3618

    atop: symlink attack possible due to insecure tempfile handling.

    Affected Products: debian_linux, atop
    • EPSS Score: 0.11%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2011-3617

    Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.

    Affected Products: debian_linux, tahoe-lafs
    • EPSS Score: 0.28%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3614

    An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.

    Affected Products: vanilla
    • EPSS Score: 1.02%
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3613

    An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.

    Affected Products: vanilla
    • EPSS Score: 0.74%
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3612

    A Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.

    Affected Products: usebb
    • EPSS Score: 0.40%
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2011-3611

    A File Inclusion vulnerability exists in the act parameter to admin.php in UseBB before 1.0.12.

    Affected Products: usebb
    • EPSS Score: 1.98%
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3610

    A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf.

    Affected Products: serendipity_event_freetag
    • EPSS Score: 0.35%
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2011-3609

    A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized inf...

    Affected Products: jboss_application_server
    • EPSS Score: 0.51%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2011-3606

    A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege,...

    Affected Products: jboss_application_server
    • EPSS Score: 0.40%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024