Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.8

    MEDIUM
    CVE-2007-2349

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files....

    Affected Products : invision_power_board
    • Published: Apr. 30, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2023-20071

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of th...

    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2007-1898

    formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters....

    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-1241

    Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third ...

    Affected Products : audins_audiens
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-1230

    Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than C...

    Affected Products : wordpress
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-1042

    Directory traversal vulnerability in news.php in Xpression News (X-News) 1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter. NOTE...

    Affected Products : xpression_news
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-0996

    The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using t...

    Affected Products : firefox seamonkey
    • Published: Feb. 27, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2021-1495

    Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header ...

    • Published: Apr. 29, 2021
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2007-0713

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file....

    Affected Products : quicktime
    • Published: Mar. 05, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2007-5970

    MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table wit...

    Affected Products : mysql mysql
    • Published: Dec. 10, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2020-2100

    Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848....

    Affected Products : jenkins
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-7143

    Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field....

    Affected Products : call-center-software
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-6968

    Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : phorum
    • Published: Feb. 06, 2007
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-6741

    Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag....

    Affected Products : mkportal
    • Published: Dec. 26, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2023-46237

    FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthent...

    Affected Products : fogproject
    • Published: Oct. 31, 2023
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-6469

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections ...

    Affected Products : workcentre
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-6467

    Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vector...

    Affected Products : workcentre
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2019-0715

    A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the h...

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 5.8

    MEDIUM
    CVE-2006-6047

    Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apa...

    Affected Products : etomite
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025
  • 5.8

    MEDIUM
    CVE-2006-5924

    Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained f...

    Affected Products : ipmanager
    • Published: Nov. 15, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294848 Results