Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2009-0362

    filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is ... Read more

    Affected Products : fail2ban
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-0616

    Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue."... Read more

    Affected Products : jre jdk
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0617

    Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh is... Read more

    Affected Products : jre jdk
    • Published: Feb. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-2468

    The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : weblogic_server
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0393

    OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Aug. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-2458

    Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin... Read more

    Affected Products : libextractor
    • Published: May. 18, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-2229

    OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a... Read more

    Affected Products : openvpn openvpn_access_server
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0734

    The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection... Read more

    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-1147

    The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash) via a long skin, we... Read more

    Affected Products : alien_arena_2006
    • Published: Mar. 10, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2007-5232

    Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the... Read more

    Affected Products : jre sdk jdk
    • Published: Oct. 05, 2007
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2004-2621

    Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perfor... Read more

    Affected Products : contivity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-1119

    fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message.... Read more

    Affected Products : cpanel fantastico_de_luxe
    • Published: Mar. 09, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0174

    Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the ... Read more

    • Published: Jan. 11, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-3059

    member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly other versions before 4, uses cleartext to transmit a password entered in the FormValue_Password field, which makes it easier for remote attackers to obtain sensitive information by sniffi... Read more

    Affected Products : oempro
    • Published: Dec. 03, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-0787

    wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false info... Read more

    Affected Products : wimpy_mp3
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0309

    Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length.... Read more

    Affected Products : befvp41
    • Published: Jan. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-2809

    Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN... Read more

    Affected Products : firefox seamonkey navigator geckb
    • Published: Jul. 08, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-0981

    Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.... Read more

    Affected Products : e-merge_winace
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2008-2104

    The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check.... Read more

    Affected Products : bugzilla
    • Published: May. 07, 2008
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2008-1301

    Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 param... Read more

    Affected Products : opencms
    • Published: Mar. 12, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293641 Results