Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2010-3673

    TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.

    Affected Products : typo3
    • EPSS Score: %0.46
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-3672

    TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.

    Affected Products : typo3
    • EPSS Score: %0.45
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.4

    HIGH
    CVE-2010-3671

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.

    Affected Products : typo3
    • EPSS Score: %0.90
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2010-3670

    TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.

    Affected Products : typo3
    • EPSS Score: %0.13
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2010-3669

    TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.

    Affected Products : typo3
    • EPSS Score: %0.24
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-3668

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.

    Affected Products : typo3
    • EPSS Score: %0.43
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2010-3667

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.

    Affected Products : typo3
    • EPSS Score: %0.32
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2010-3666

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.

    Affected Products : typo3
    • EPSS Score: %0.32
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2010-3665

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.

    Affected Products : typo3
    • EPSS Score: %0.43
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-3664

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.

    Affected Products : typo3
    • EPSS Score: %0.43
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2010-3663

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.

    Affected Products : typo3
    • EPSS Score: %3.15
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2010-3662

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

    Affected Products : typo3
    • EPSS Score: %0.70
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-3661

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.

    Affected Products : typo3
    • EPSS Score: %0.27
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2010-3660

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.

    Affected Products : typo3
    • EPSS Score: %0.47
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3440

    babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

    Affected Products : debian_linux babiloo
    • EPSS Score: %0.07
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-3439

    It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

    Affected Products : fedora debian_linux alien-arena
    • EPSS Score: %0.57
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-3438

    libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnec...

    • EPSS Score: %0.53
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-3375

    qtparted has insecure library loading which may allow arbitrary code execution.

    Affected Products : qtparted
    • EPSS Score: %1.05
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3373

    paxtest handles temporary files insecurely.

    Affected Products : debian_linux paxtest
    • EPSS Score: %0.14
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2010-3359

    If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the...

    Affected Products : debian_linux gargoyle
    • EPSS Score: %0.13
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results