Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2011-4119

    caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install.

    Affected Products: caml-light
    • EPSS Score: 0.53%
    • Published: Oct. 26, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-4117

    The Batch::BatchRun module 1.03 for Perl does not properly handle temporary files.

    Affected Products: batch\
    • EPSS Score: 0.38%
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-4115

    Parallel::ForkManager module before 1.0.0 for Perl does not properly handle temporary files.

    Affected Products: parallel\
    • EPSS Score: 0.39%
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-4095

    Jara 1.6 has an XSS vulnerability.

    Affected Products: jara
    • EPSS Score: 0.83%
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-4094

    Jara 1.6 has a SQL injection vulnerability.

    Affected Products: jara
    • EPSS Score: 5.60%
    • Published: Jan. 21, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-4090

    Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.

    Affected Products: serendipity
    • EPSS Score: 2.26%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-4088

    ABRT might allow attackers to obtain sensitive information from crash reports.

    • EPSS Score: 0.74%
    • Published: Jan. 31, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-4082

    A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.

    Affected Products: debian_linux phpldapadmin
    • EPSS Score: 0.92%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2011-4076

    OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could al...

    Affected Products: nova
    • EPSS Score: 0.41%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-4069

    html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to conduct LDAP injection attacks and consequently bypass authentication via a crafted username.

    Affected Products: packetfence
    • EPSS Score: 0.88%
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-4068

    The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password.

    Affected Products: packetfence
    • EPSS Score: 0.64%
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3923

    Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

    Affected Products: struts jboss_enterprise_web_server
    • EPSS Score: 90.65%
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3901

    Android SQLite Journal before 4.0.1 has an information disclosure vulnerability.

    Affected Products: android
    • EPSS Score: 0.28%
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3656

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP 0.9 errors, non-default ports, and content-sniffing.

    Affected Products: firefox
    • EPSS Score: 0.27%
    • Published: Jun. 02, 2021
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2011-3642

    Cross-site scripting (XSS) vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system (news) extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a...

    Affected Products: flowplayer_flash
    • EPSS Score: 8.90%
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2011-3632

    Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

    Affected Products: enterprise_linux debian_linux hardlink
    • EPSS Score: 0.13%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3631

    Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-cra...

    Affected Products: enterprise_linux debian_linux hardlink
    • EPSS Score: 4.16%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3630

    Hardlink before 0.1.2 suffers from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into...

    Affected Products: enterprise_linux debian_linux hardlink
    • EPSS Score: 3.12%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3629

    Joomla! core 1.7.1 allows information disclosure due to weak encryption.

    Affected Products: joomla\!
    • EPSS Score: 0.01%
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2011-3624

    Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or byp...

    Affected Products: ruby
    • EPSS Score: 0.45%
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results