Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2010-3670

    TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.... Read more

    Affected Products : typo3
    • Published: Nov. 05, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2010-3669

    TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2010-3668

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2010-3667

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2010-3666

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2010-3665

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2010-3664

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2010-3663

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2010-3662

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.... Read more

    Affected Products : typo3
    • Published: Nov. 04, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2010-3661

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.... Read more

    Affected Products : typo3
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2010-3660

    TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.... Read more

    Affected Products : typo3
    • Published: Nov. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2010-3440

    babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.... Read more

    Affected Products : debian_linux babiloo
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2010-3439

    It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.... Read more

    Affected Products : fedora debian_linux alien-arena
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-3438

    libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'privmsg' handler, which would cause the client to disconnec... Read more

    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-3375

    qtparted has insecure library loading which may allow arbitrary code execution... Read more

    Affected Products : qtparted
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2010-3373

    paxtest handles temporary files insecurely... Read more

    Affected Products : debian_linux paxtest
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2010-3359

    If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the... Read more

    Affected Products : debian_linux gargoyle
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2010-3305

    Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password.... Read more

    Affected Products : pixelpost
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2010-3300

    It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.... Read more

    • Published: Jun. 22, 2021
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2010-3299

    The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.... Read more

    Affected Products : debian_linux rails
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results