Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-1999-0031

    JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.... Read more

    Affected Products : internet_explorer communicator
    • EPSS Score: %2.94
    • Published: Jul. 08, 1997
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1224

    Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.... Read more

    Affected Products : guppy
    • EPSS Score: %9.20
    • Published: Mar. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3923

    Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter.... Read more

    Affected Products : fire-mouse_toplist
    • EPSS Score: %0.68
    • Published: Jul. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5588

    The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the... Read more

    Affected Products : drupal email email
    • EPSS Score: %0.21
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2024-39271

    Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2014-0381

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.52
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2022-4270

    Incorrect privilege assignment issue in M-Files Web in M-Files Web versions before 22.5.11436.1 could have changed permissions accidentally.... Read more

    Affected Products : m-files_server m-files
    • EPSS Score: %0.09
    • Published: Dec. 02, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2006-2891

    Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.... Read more

    Affected Products : pixelpost
    • EPSS Score: %0.49
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2903

    Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : particle_links
    • EPSS Score: %0.42
    • Published: Jun. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3841

    Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before bein... Read more

    Affected Products : webscarab
    • EPSS Score: %0.56
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-1066

    Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vector... Read more

    Affected Products : drupal messaging
    • EPSS Score: %0.27
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-1792

    Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the... Read more

    Affected Products : online_merchant
    • EPSS Score: %0.22
    • Published: May. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2258

    Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.... Read more

    Affected Products : maxxschedule
    • EPSS Score: %0.62
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2165

    Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_i... Read more

    Affected Products : avactis_shopping_cart
    • EPSS Score: %0.36
    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2518

    Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.... Read more

    Affected Products : phpwcms
    • EPSS Score: %0.62
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-20911

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracl... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 2.6

    LOW
    CVE-2006-2653

    Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.... Read more

    Affected Products : dsa-3100_airspot_gateway
    • EPSS Score: %0.70
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-1949

    A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 29, 2024
    • Modified: Dec. 13, 2024

  • 2.6

    LOW
    CVE-2006-2538

    IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reload... Read more

    Affected Products : firefox ie_tab
    • EPSS Score: %0.74
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-2632

    SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which... Read more

    Affected Products : b1_firmware b1 x1 x2 x86_firmware
    • EPSS Score: %0.18
    • Published: Jun. 15, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291222 Results