Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2010-4584

    Opera before 11.00, when Opera Turbo is used, does not properly present information about problematic X.509 certificates on https web sites, which might make it easier for remote attackers to spoof trusted content via a crafted web site.... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.18
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-3862

    The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 throug... Read more

    • EPSS Score: %1.39
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-1999-0468

    Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %4.29
    • Published: Apr. 09, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-3172

    CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP re... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.73
    • Published: Nov. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2788

    Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.66
    • Published: Apr. 27, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-1796

    The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for ... Read more

    • EPSS Score: %0.36
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-0452

    Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink at... Read more

    Affected Products : perl
    • EPSS Score: %0.05
    • Published: Dec. 21, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0124

    The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."... Read more

    • EPSS Score: %36.36
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-1499

    acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy serv... Read more

    Affected Products : debian_linux tinyproxy
    • EPSS Score: %0.78
    • Published: Apr. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-0232

    Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen... Read more

    Affected Products : firefox
    • EPSS Score: %1.32
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-2947

    chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial o... Read more

    • EPSS Score: %4.30
    • Published: Jun. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-2014

    Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.... Read more

    Affected Products : wget
    • EPSS Score: %0.12
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-3962

    The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunisti... Read more

    Affected Products : ssmtp
    • EPSS Score: %0.61
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-1049

    Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could... Read more

    Affected Products : postnuke
    • EPSS Score: %13.24
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-1945

    The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easi... Read more

    Affected Products : openssl
    • EPSS Score: %4.94
    • Published: May. 31, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-5274

    Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the ... Read more

    Affected Products : firefox opera_browser jre sdk jdk
    • EPSS Score: %4.78
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-5519

    The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that i... Read more

    Affected Products : tomcat mod_jk
    • EPSS Score: %5.78
    • Published: Apr. 09, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5681

    QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • EPSS Score: %0.65
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2002-1444

    The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorr... Read more

    Affected Products : internet_explorer toolbar
    • EPSS Score: %17.10
    • Published: Aug. 15, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5404

    Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspeci... Read more

    • EPSS Score: %0.71
    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 291265 Results