Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2008-7296

    Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict...

    Affected Products : safari
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2008-7297

    Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transp...

    Affected Products : opera_browser
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2008-7294

    Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack ...

    Affected Products : chrome
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2008-6735

    Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the sLanguage cookie.

    Affected Products : thaiquickcart
    • Published: Apr. 21, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-6511

    Open redirect vulnerability in login.jsp in Openfire 3.6.0a and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.

    Affected Products : openfire
    • Published: Mar. 23, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2011-4703

    The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application.

    Affected Products : limit_my_call android
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025
  • 5.8

    MEDIUM
    CVE-2008-5809

    futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and Access Analyzer CGI Professional 4.11.3 and earlier use a predictable session id, which makes it easier for remote attackers to hijack sessions, and obtain sensitive information about anal...

    Affected Products : access_analyzer_cgi
    • Published: Jan. 02, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-5252

    Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vecto...

    Affected Products : mediawiki
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2008-5077

    OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys.

    Affected Products : openssl
    • Published: Jan. 07, 2009
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-3903

    CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.

    Affected Products : mybloggie
    • Published: Jul. 27, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3603

    Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.

    Affected Products : flexwatch_network_camera
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3613

    Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this...

    Affected Products : ezwaiter_online
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3521

    Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge-bugs-action/proj.siteforge in SiteForge Collaborative Development Platform 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) _status, (2) _ext...

    • Published: Jul. 12, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3533

    Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8...

    Affected Products : pivot
    • Published: Jul. 12, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2020-12618

    eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of ...

    Affected Products : em_client
    • Published: Aug. 20, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-3328

    new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scri...

    Affected Products : hostflow
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3189

    Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

    Affected Products : hotplug_cms
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3035

    Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in MyScrapbook 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) comment parameters. NOTE: the provenance of this information is unkn...

    Affected Products : myscrapbook
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3002

    Cross-site scripting (XSS) vulnerability in details.php in Easy Ad-Manager allows remote attackers to inject arbitrary web script or HTML via the mbid parameter, which is reflected in an error message. NOTE: on 20060829, the vendor notified CVE that this ...

    Affected Products : easy_ad-manager
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025
  • 5.8

    MEDIUM
    CVE-2006-3001

    Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in a...

    Affected Products : okmall
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294848 Results