Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2007-0578

    The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.... Read more

    Affected Products : mpg123
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0628

    Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. ... Read more

    Affected Products : java_system_access_manager
    • Published: Jan. 31, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0583

    Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Defau... Read more

    Affected Products : http_commander
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0595

    Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).... Read more

    Affected Products : high5_review_script
    • Published: Jan. 30, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7187

    Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable.... Read more

    Affected Products : webapp
    • Published: Apr. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7189

    Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.... Read more

    Affected Products : webapp
    • Published: Apr. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1239

    Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.... Read more

    Affected Products : excel
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2023-46628

    Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4.... Read more

    Affected Products : wp_word_count
    • Published: Jan. 02, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Authorization

  • 4.3

    MEDIUM
    CVE-2007-0607

    W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.... Read more

    Affected Products : w-agora
    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1234

    Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (... Read more

    Affected Products : sitex
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0242

    The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that d... Read more

    Affected Products : qt
    • Published: Apr. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1231

    Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php an... Read more

    Affected Products : sqlitemanager
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-0547

    Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : webform
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-6832

    Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.... Read more

    Affected Products : joomla
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1238

    Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.... Read more

    Affected Products : office
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7226

    Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified "subpattern containing a named recursion or subroutine reference," which allows conte... Read more

    • Published: Dec. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-5932

    Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and po... Read more

    Affected Products : fatwire_content_server
    • Published: Nov. 10, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2007-1245

    IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.... Read more

    Affected Products : irfanview
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-7230

    Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependen... Read more

    Affected Products : pcre
    • Published: Nov. 15, 2007
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2022-34888

    The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.... Read more

    • Published: Jan. 30, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 294528 Results