Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-6483

    Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonst... Read more

    Affected Products : coldfusion
    • EPSS Score: %2.00
    • Published: Dec. 12, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-1948

    OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users t... Read more

    • EPSS Score: %0.06
    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-4734

    Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE:... Read more

    Affected Products : skeletonz_cms_1.0
    • EPSS Score: %0.36
    • Published: Feb. 16, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-6146

    Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain argum... Read more

    Affected Products : haru_free_pdf_library
    • EPSS Score: %0.47
    • Published: Nov. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-5914

    Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: so... Read more

    Affected Products : seditio
    • EPSS Score: %0.48
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-3511

    Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk.... Read more

    Affected Products : opensolaris
    • EPSS Score: %0.15
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-1646

    Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a m... Read more

    Affected Products : encryption_desktop pgp_desktop
    • EPSS Score: %0.32
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-6123

    Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUES... Read more

    • EPSS Score: %1.61
    • Published: Nov. 26, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3273

    Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).... Read more

    Affected Products : some_chess
    • EPSS Score: %0.53
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0439

    Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %14.82
    • Published: May. 11, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0331

    Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.... Read more

    Affected Products : winrar
    • EPSS Score: %0.38
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0905

    Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.... Read more

    Affected Products : maxthon
    • EPSS Score: %7.42
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1992

    mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code ... Read more

    Affected Products : internet_explorer
    • EPSS Score: %48.62
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3039

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_home_rent
    • EPSS Score: %0.50
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1263

    Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as s... Read more

    Affected Products : metamail
    • EPSS Score: %0.32
    • Published: Aug. 15, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-0292

    Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.... Read more

    Affected Products : slashcode
    • EPSS Score: %0.44
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-2226

    Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : unifi_controller
    • EPSS Score: %0.29
    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2004-0407

    The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before t... Read more

    Affected Products : coldfusion
    • EPSS Score: %3.85
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-4504

    The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.... Read more

    Affected Products : drupal monster_menus
    • EPSS Score: %0.28
    • Published: May. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2021-29473

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading,... Read more

    Affected Products : fedora debian_linux exiv2
    • EPSS Score: %0.14
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291255 Results