Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2011-10003

    A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address ... Read more

    Affected Products : xpressengine
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-10002

    A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifi... Read more

    Affected Products : weblabyrinth
    • Published: Feb. 07, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-10001

    A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch is named d156fa... Read more

    Affected Products : phoenixcf
    • Published: Jan. 18, 2023
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2011-0704

    389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.... Read more

    Affected Products : 389_directory_server
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2011-0703

    In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.... Read more

    Affected Products : debian_linux gksu-polkit
    • Published: Nov. 15, 2019
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2011-0699

    Integer signedness error in the btrfs_ioctl_space_info function in the Linux kernel 2.6.37 allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted slot value.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-0544

    phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.... Read more

    Affected Products : debian_linux phpbb
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2011-0529

    Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.... Read more

    Affected Products : debian_linux weborf
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2011-0525

    Batavi before 1.0 has CSRF.... Read more

    Affected Products : batavi
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2011-0467

    A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.... Read more

    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2011-0428

    Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.... Read more

    Affected Products : ikiwiki
    • Published: Oct. 29, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2011-0220

    Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.... Read more

    Affected Products : bonjour
    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2010-5340

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.... Read more

    Affected Products : webclient
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2010-5339

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.... Read more

    Affected Products : webclient
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2010-5338

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.... Read more

    Affected Products : webclient
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2010-5337

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.... Read more

    Affected Products : webclient
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2010-5336

    IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.... Read more

    Affected Products : webclient
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2010-5335

    IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (script to basic/minimizer/index.php) is not properl... Read more

    Affected Products : webclient
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2010-5334

    IceWarp Webclient before 10.2.1 has a directory traversal vulnerability. This can result in loss of confidential data of IceWarp Mailserver and the operating system. Input passed via a certain parameter (_c to basic/index.html) is not properly sanitised a... Read more

    Affected Products : webclient
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2010-5333

    The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed ... Read more

    Affected Products : integard_home integard_pro
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292916 Results