Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-0578

    The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.... Read more

    Affected Products : mpg123
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-46254

    capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and ... Read more

    Affected Products : capsule capsule-proxy
    • Published: Nov. 06, 2023
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-2400

    Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scri... Read more

    • Published: Jun. 25, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2721

    The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally d... Read more

    Affected Products : jasper_jpeg-2000
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1101

    Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.... Read more

    Affected Products : photostand
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2513

    Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 post-SP6 20070522, allows remote attackers to obtain credentials via a man-in-the-middle attack.... Read more

    Affected Products : groupwise
    • Published: Jun. 04, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2012-0675

    Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025

  • 4.3

    MEDIUM
    CVE-2019-8163

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead... Read more

    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2019-13661

    UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page.... Read more

    Affected Products : chrome
    • Published: Nov. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1611

    Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via the title of an article in a feed.... Read more

    Affected Products : ikanari_jijyou
    • Published: Mar. 22, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-6954

    Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.... Read more

    Affected Products : flock
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-2203

    Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form.... Read more

    Affected Products : guestbook
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7023

    Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6... Read more

    Affected Products : fx-app
    • Published: Feb. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0451

    Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."... Read more

    Affected Products : spamassassin
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0583

    Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Defau... Read more

    Affected Products : http_commander
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7002

    Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : wheatblog
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1109

    Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) e... Read more

    Affected Products : phpwebgallery
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-46442

    An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS).... Read more

    Affected Products :
    • Published: May. 24, 2024
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-1627

    The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack... Read more

    Affected Products : my_private_site
    • Published: Jun. 27, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2007-1199

    Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.... Read more

    Affected Products : acrobat_reader
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294693 Results