Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2012-2945

    Hadoop 1.0.3 contains a symlink vulnerability....

    Affected Products : hadoop
    • EPSS Score: 1.71%
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 7.2

    HIGH
    CVE-2012-2931

    PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file....

    Affected Products : tinywebgallery
    • EPSS Score: 0.94%
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 4.4

    MEDIUM
    CVE-2012-2736

    In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network....

    • EPSS Score: 0.08%
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2012-2724

    The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote attackers to obtain sensi...

    Affected Products : simplenews
    • EPSS Score: 1.38%
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-2714

    The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier....

    Affected Products : browserid
    • EPSS Score: 6.66%
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-2666

    golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script....

    Affected Products : go
    • EPSS Score: 0.51%
    • Published: Jul. 09, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2012-2656

    An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information....

    Affected Products : restlet
    • EPSS Score: 1.04%
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2012-2629

    Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew act...

    Affected Products : axous
    • EPSS Score: 0.69%
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2012-2593

    Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email....

    Affected Products : atmail
    • EPSS Score: 11.72%
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2012-2517

    Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php....

    Affected Products : prestashop
    • EPSS Score: 0.86%
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2012-2452

    Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_url to includes/wysiwyg/spaw/editor/plugins/imgpopup/img_p...

    Affected Products : pragmamx
    • EPSS Score: 0.40%
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2012-2350

    pam_shield before 0.9.4: Default configuration does not perform protective action...

    Affected Products : debian_linux pam_shield
    • EPSS Score: 0.42%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2012-2312

    An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation of security context propagation. A thread gets reused from the thread pool that still retains the security context from the process last used, which...

    • EPSS Score: 0.04%
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2012-2248

    An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable....

    Affected Products : debian_linux dhclient
    • EPSS Score: 2.44%
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2012-2238

    trytond 2.4: ModelView.button fails to validate authorization...

    Affected Products : trytond
    • EPSS Score: 0.35%
    • Published: Nov. 21, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2012-2237

    Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) ...

    Affected Products : debian_linux mahara
    • EPSS Score: 6.62%
    • Published: Dec. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2012-2226

    Invision Power Board before 3.3.1 fails to sanitize user-supplied input which could allow remote attackers to obtain sensitive information or execute arbitrary code by uploading a malicious file....

    Affected Products : invision_power_board
    • EPSS Score: 13.03%
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2012-2204

    InfoSphere Guardium aix_ktap module: DoS...

    Affected Products : infosphere_guardium
    • EPSS Score: 0.06%
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2012-2201

    IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by an error when handling user ids. A remote attacker could exploit this vulnerability to bypass the security configuration setup on a SVRCONN channel and flood the queue manager....

    Affected Products : websphere_mq
    • EPSS Score: 0.02%
    • Published: Sep. 29, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-2166

    IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remote attackers to gain user access via unknown vectors. IB...

    • EPSS Score: 2.99%
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291782 Results