Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2011-3629

    Joomla! core 1.7.1 allows information disclosure due to weak encryption...

    Affected Products : joomla\!
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2011-3624

    Various methods in WEBrick::HTTPRequest in Ruby 1.9.2 and 1.8.7 and earlier do not validate the X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server headers in requests, which might allow remote attackers to inject arbitrary text into log files or byp...

    Affected Products : ruby
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3622

    A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18....

    Affected Products : phorum
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3621

    A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled....

    Affected Products : fluxbb
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2011-3618

    atop: symlink attack possible due to insecure tempfile handling...

    Affected Products : debian_linux atop
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2011-3617

    Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases....

    Affected Products : debian_linux tahoe-lafs
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3614

    An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9....

    Affected Products : vanilla
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3613

    An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled....

    Affected Products : vanilla
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3612

    A Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12....

    Affected Products : usebb
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2011-3611

    A File Inclusion vulnerability exists in the act parameter to admin.php in UseBB before 1.0.12....

    Affected Products : usebb
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2011-3610

    A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf....

    Affected Products : serendipity_event_freetag
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2011-3609

    A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized inf...

    Affected Products : jboss_application_server
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2011-3606

    A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege,...

    Affected Products : jboss_application_server
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3600

    The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used ...

    Affected Products : ofbiz
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2011-3596

    Polipo before 1.0.4.1 suffers from a DoS vulnerability via a specially-crafted HTTP POST / PUT request....

    Affected Products : debian_linux polipo
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2011-3595

    Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters....

    Affected Products : joomla\!
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
  • 4.7

    MEDIUM
    CVE-2011-3585

    Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists....

    Affected Products : enterprise_linux samba
    • Published: Dec. 31, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3584

    The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input....

    Affected Products : wec_discussion_forum
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2011-3583

    It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the ...

    Affected Products : typo3
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2011-3582

    A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions....

    Affected Products : advanced_electron_forums
    • Published: Jan. 22, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292916 Results