Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2012-4519

    Zenphoto before 1.4.3.4 admin-news-articles.php date parameter XSS.... Read more

    Affected Products : zenphoto
    • EPSS Score: %0.24
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2012-4512

    The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."... Read more

    • EPSS Score: %9.04
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2012-4480

    mom creates world-writable pid files in /var/run... Read more

    Affected Products : fedora mom
    • EPSS Score: %0.13
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-4451

    Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorato... Read more

    Affected Products : enterprise_linux fedora zend_framework
    • EPSS Score: %1.78
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-4441

    Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the CI game plugin.... Read more

    Affected Products : jenkins
    • EPSS Score: %1.50
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-4440

    Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML in the Violations plugin.... Read more

    Affected Products : jenkins
    • EPSS Score: %1.50
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-4439

    Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins.... Read more

    Affected Products : jenkins
    • EPSS Score: %0.44
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2012-4438

    Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code.... Read more

    Affected Products : jenkins
    • EPSS Score: %1.12
    • Published: Nov. 18, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2012-4434

    fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.... Read more

    Affected Products : fwknop
    • EPSS Score: %5.49
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-4428

    openslp: SLPIntersectStringList()' Function has a DoS vulnerability... Read more

    Affected Products : ubuntu_linux fedora debian_linux openslp
    • EPSS Score: %46.22
    • Published: Dec. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-4420

    An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements righ... Read more

    Affected Products : jdk
    • EPSS Score: %1.07
    • Published: Dec. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2012-4385

    letodms 3.3.6 has CSRF via change password... Read more

    Affected Products : debian_linux letodms
    • EPSS Score: %0.23
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-4384

    letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar... Read more

    Affected Products : debian_linux letodms
    • EPSS Score: %0.45
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2012-4383

    contao prior to 2.11.4 has a sql injection vulnerability... Read more

    Affected Products : contao
    • EPSS Score: %0.26
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-4381

    MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a ... Read more

    Affected Products : mediawiki
    • EPSS Score: %4.12
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-4284

    A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code... Read more

    Affected Products : viscosity
    • EPSS Score: %49.44
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-4030

    Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files.... Read more

    Affected Products : chamilo_lms
    • EPSS Score: %0.53
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2012-4029

    Cross-site scripting (XSS) vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the category_name parameter in an addsentcategory action.... Read more

    Affected Products : chamilo
    • EPSS Score: %0.53
    • Published: Feb. 08, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3824

    In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization.... Read more

    Affected Products : campaign_enterprise
    • EPSS Score: %0.64
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2012-3823

    Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved.... Read more

    Affected Products : campaign_enterprise
    • EPSS Score: %0.28
    • Published: Jan. 10, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291946 Results