Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2010-3662

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

    Affected Products : typo3
    • EPSS Score: %0.70
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2010-3661

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.

    Affected Products : typo3
    • EPSS Score: %0.27
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2010-3660

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.

    Affected Products : typo3
    • EPSS Score: %0.47
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3440

    babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.

    Affected Products : debian_linux babiloo
    • EPSS Score: %0.07
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-3439

    It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

    Affected Products : fedora debian_linux alien-arena
    • EPSS Score: %0.57
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-3438

    libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnec...

    • EPSS Score: %0.53
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2010-3375

    qtparted has insecure library loading which may allow arbitrary code execution.

    Affected Products : qtparted
    • EPSS Score: %1.05
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3373

    paxtest handles temporary files insecurely.

    Affected Products : debian_linux paxtest
    • EPSS Score: %0.14
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2010-3359

    If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the...

    Affected Products : debian_linux gargoyle
    • EPSS Score: %0.13
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2010-3305

    Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.

    Affected Products : pixelpost
    • EPSS Score: %0.50
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2010-3300

    It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

    • EPSS Score: %0.20
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2010-3299

    The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

    Affected Products : debian_linux rails
    • EPSS Score: %0.22
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3293

    mailscanner can allow local users to prevent virus signatures from being updated.

    Affected Products : mailscanner
    • EPSS Score: %0.06
    • Published: Oct. 28, 2019
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2010-3292

    The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., https) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., phishing whi...

    Affected Products : mailscanner
    • EPSS Score: %0.03
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 3.3

    LOW
    CVE-2010-3282

    389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) and HP-UX Directory Server before B.08.10.03, when audit logging is enabled, logs the Directory Manager password (nsslapd-rootpw) in cleartext when changing cn=config:nsslapd-rootpw, w...

    • EPSS Score: %0.05
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 4.7

    MEDIUM
    CVE-2010-3095

    mailscanner before 4.79.11-2.1 might allow local users to overwrite arbitrary files via a symlink attack on certain temporary files. NOTE: this issue exists because of an incomplete fix for CVE-2008-5313.

    Affected Products : mailscanner
    • EPSS Score: %0.07
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2010-3048

    Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition.

    Affected Products : unified_personal_communicator
    • EPSS Score: %0.66
    • Published: Jan. 16, 2020
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2010-2783

    IcedTea6 before 1.7.4 allows unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

    Affected Products : icedtea6
    • EPSS Score: %0.45
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 9.1

    CRITICAL
    CVE-2010-2548

    IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.

    Affected Products : icedtea6
    • EPSS Score: %0.26
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2010-2525

    A flaw was discovered in the gfs2 file system's handling of ACLs (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.

    Affected Products : linux_kernel
    • EPSS Score: %0.14
    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results