Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2009-5159

    Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.... Read more

    • EPSS Score: %0.77
    • Published: Mar. 13, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2009-5158

    The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.... Read more

    Affected Products : google_analyticator
    • EPSS Score: %0.19
    • Published: Aug. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2009-5157

    On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.... Read more

    Affected Products : wag54g2_firmware wag54g2
    • EPSS Score: %9.40
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-5156

    An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.... Read more

    • EPSS Score: %6.88
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2009-5155

    In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a reg... Read more

    • EPSS Score: %1.37
    • Published: Feb. 26, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-5154

    An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account.... Read more

    Affected Products : s14_firmware s14
    • EPSS Score: %0.80
    • Published: Feb. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2009-5153

    In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.... Read more

    Affected Products : netware
    • EPSS Score: %13.28
    • Published: Nov. 21, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2009-5152

    Absolute Computrace Agent, as distributed on certain Dell Inspiron systems through 2009, has a race condition with the Dell Client Configuration Utility (DCCU), which allows privileged local users to change Computrace Agent's activation/deactivation statu... Read more

    Affected Products : computrace_agent
    • EPSS Score: %0.05
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2009-5151

    The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on the BIOS. This allows a privileged local user to achie... Read more

    Affected Products : computrace_agent
    • EPSS Score: %0.06
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2009-5150

    Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended search.namequery.com site by modifying data within a disk's... Read more

    Affected Products : computrace_agent
    • EPSS Score: %0.06
    • Published: May. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2009-5144

    mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.... Read more

    Affected Products : mod_gnutls
    • EPSS Score: %0.16
    • Published: Feb. 03, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2009-5140

    The SIP implementation on the Linksys SPA2102 phone adapter provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Le... Read more

    Affected Products : spa2102_firmware spa2102
    • EPSS Score: %0.48
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2009-5139

    The SIP implementation on the Gizmo5 software phone provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issu... Read more

    Affected Products : gizmo5
    • EPSS Score: %0.20
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2009-5068

    There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several "co-admins" that are not trusted beyond the SMF deployment. This vulnerability allows t... Read more

    Affected Products : simple_machines_forum
    • EPSS Score: %3.27
    • Published: Jan. 15, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2009-5050

    konversation before 1.2.3 allows attackers to cause a denial of service.... Read more

    Affected Products : konversation
    • EPSS Score: %0.37
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2009-5049

    WebApp JSP Snoop page XSS in jetty though 6.1.21.... Read more

    Affected Products : debian_linux jetty
    • EPSS Score: %1.11
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2009-5048

    Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.... Read more

    Affected Products : jetty
    • EPSS Score: %1.09
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2009-5046

    JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.... Read more

    Affected Products : debian_linux jetty
    • EPSS Score: %0.95
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2009-5045

    Dump Servlet information leak in jetty before 6.1.22.... Read more

    Affected Products : debian_linux jetty
    • EPSS Score: %1.87
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2009-5043

    burn allows file names to escape via mishandled quotation marks... Read more

    Affected Products : debian_linux burn
    • EPSS Score: %0.43
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results