Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2010-2488

    NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.

    Affected Products : znc
    • EPSS Score: 1.31%
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-2476

    syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.

    Affected Products : syscp
    • EPSS Score: 0.53%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-2473

    Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal site despite being blocked.

    Affected Products : drupal
    • EPSS Score: 0.28%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2010-2472

    Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting...

    Affected Products : drupal
    • EPSS Score: 0.44%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-2471

    Drupal versions 5.x and 6.x have open redirection...

    Affected Products : debian_linux drupal
    • EPSS Score: 0.48%
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-2450

    The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so t...

    Affected Products : debian_linux service_provider
    • EPSS Score: 0.16%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-2449

    Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.

    Affected Products : gource
    • EPSS Score: 0.56%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-2447

    gitolite before 1.4.1 does not filter src/ or hooks/ from path names.

    Affected Products : gitolite
    • EPSS Score: 0.51%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-2446

    Rbot Reaction plugin allows command execution...

    Affected Products : rbot
    • EPSS Score: 0.78%
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-2250

    Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.

    Affected Products : drupal
    • EPSS Score: 0.44%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-2247

    makepasswd 1.10 default settings generate insecure passwords...

    Affected Products : makepasswd
    • EPSS Score: 0.47%
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2010-2243

    A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/current_clocksource results in an OOPS.

    Affected Products : linux_kernel
    • EPSS Score: 0.79%
    • Published: Nov. 07, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-2222

    The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.

    • EPSS Score: 0.44%
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2010-2064

    rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

    Affected Products : rpcbind
    • EPSS Score: 0.07%
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2010-2061

    rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.

    Affected Products : rpcbind
    • EPSS Score: 0.06%
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-1678

    Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.

    Affected Products : mapserver
    • EPSS Score: 0.68%
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-1673

    A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.

    Affected Products : ikiwiki
    • EPSS Score: 0.33%
    • Published: Oct. 30, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-1435

    Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector.

    Affected Products : joomla\!
    • EPSS Score: 0.01%
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-1434

    Joomla! Core is prone to a session fixation vulnerability. An attacker may leverage this issue to hijack an arbitrary session and gain access to sensitive information, which may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1...

    Affected Products : joomla\!
    • EPSS Score: 0.01%
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-1433

    Joomla! Core is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to properly verify user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the ...

    Affected Products : joomla\!
    • EPSS Score: 0.02%
    • Published: Jun. 21, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291400 Results