Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2007-1042

    Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE...

    Affected Products : xpression_news
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-0996

    The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using t...

    Affected Products : firefox seamonkey
    • Published: Feb. 27, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2021-1495

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header ...

    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2007-0713

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file....

    Affected Products : quicktime
    • Published: Mar. 05, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-5970

    MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table wit...

    Affected Products : mysql mysql
    • Published: Dec. 10, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2020-2100

    Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848....

    Affected Products : jenkins
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-7143

    Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field....

    Affected Products : call-center-software
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-6968

    Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : phorum
    • Published: Feb. 06, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-6741

    Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag....

    Affected Products : mkportal
    • Published: Dec. 26, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2023-46237

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthent...

    Affected Products : fogproject
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-6469

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections ...

    Affected Products : workcentre
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-6467

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vector...

    Affected Products : workcentre
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2019-0715

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the h...

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-6047

    Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apa...

    Affected Products : etomite
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-5924

    Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained f...

    Affected Products : ipmanager
    • Published: Nov. 15, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2018-0803

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microso...

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2017-8530

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edg...

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025
  • 5.8

    MEDIUM
    CVE-2016-5477

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration....

    Affected Products : glassfish_server
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2015-7023

    CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors....

    Affected Products : mac_os_x iphone_os
    • Published: Oct. 23, 2015
    • Modified: Apr. 12, 2025
  • 5.8

    MEDIUM
    CVE-2018-8567

    An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Pri...

    Affected Products : edge windows_10 windows_server
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294837 Results