Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2012-6316

    Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to us...

    Affected Products : tl-wr841n_firmware tl-wr841n
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-5507

    AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

    Affected Products : plone zope
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5506

    python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5505

    atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-5504

    Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5503

    ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 3.5

    LOW
    CVE-2012-5502

    Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5501

    at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5499

    python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5498

    queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5497

    membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5496

    kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5495

    python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back."

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-5494

    Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate."

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 8.5

    HIGH
    CVE-2012-5493

    gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5492

    uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-5491

    z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 4.3

    MEDIUM
    CVE-2012-5490

    Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 6.5

    MEDIUM
    CVE-2012-5489

    The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vect...

    Affected Products : plone zope
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
  • 5.0

    MEDIUM
    CVE-2012-5488

    python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

    Affected Products : plone
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 294837 Results