Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2011-0703

    In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.

    Affected Products: debian_linux gksu-polkit
    • EPSS Score: 0.43%
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024
  • 7.0

    HIGH
    CVE-2011-0699

    Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.

    Affected Products: linux_kernel
    • EPSS Score: 0.05%
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-0544

    phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.

    Affected Products: debian_linux phpbb
    • EPSS Score: 0.34%
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-0529

    Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.

    Affected Products: debian_linux weborf
    • EPSS Score: 0.45%
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-0525

    Batavi before 1.0 has CSRF.

    Affected Products: batavi
    • EPSS Score: 0.14%
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-0467

    A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.

    • EPSS Score: 0.30%
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-0428

    Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.

    Affected Products: ikiwiki
    • EPSS Score: 0.32%
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2011-0220

    Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.

    Affected Products: bonjour
    • EPSS Score: 0.04%
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-5340

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

    Affected Products: webclient
    • EPSS Score: 0.21%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-5339

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.

    Affected Products: webclient
    • EPSS Score: 0.21%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-5338

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.

    Affected Products: webclient
    • EPSS Score: 0.21%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-5337

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.

    Affected Products: webclient
    • EPSS Score: 0.21%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-5336

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.

    Affected Products: webclient
    • EPSS Score: 0.21%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2010-5335

    IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properl...

    Affected Products: webclient
    • EPSS Score: 1.88%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2010-5334

    IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised a...

    Affected Products: webclient
    • EPSS Score: 1.06%
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-5333

    The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed ...

    Affected Products: integard_home integard_pro
    • EPSS Score: 7.22%
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
  • 5.6

    MEDIUM
    CVE-2010-5332

    In the Linux kernel before 2.6.37, an out of bounds array access happened in drivers/net/mlx4/port.c. When searching for a free entry in either mlx4_register_vlan() or mlx4_register_mac(), and there is no free entry, the loop terminates without updating t...

    Affected Products: linux_kernel
    • EPSS Score: 0.10%
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2010-5331

    In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected beca...

    Affected Products: linux_kernel
    • EPSS Score: 0.08%
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-5304

    A NULL pointer dereference flaw was found in the way LibVNCServer before 0.9.9 handled certain ClientCutText message. A remote attacker could use this flaw to crash the VNC server by sending a specially crafted ClientCutText message from a VNC client.

    Affected Products: fedora libvncserver
    • EPSS Score: 3.38%
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-5108

    Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.

    Affected Products: debian_linux trac
    • EPSS Score: 0.31%
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results