Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2008-2933

    Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involvi... Read more

    Affected Products : firefox
    • EPSS Score: %7.09
    • Published: Jul. 17, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-0232

    Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen... Read more

    Affected Products : firefox
    • EPSS Score: %1.32
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0837

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.... Read more

    Affected Products : debian_linux mysql mysql
    • EPSS Score: %2.36
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3216

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown ... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %2.07
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3634

    methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.... Read more

    Affected Products : ubuntu_linux advanced_package_tool
    • EPSS Score: %0.16
    • Published: Mar. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-3507

    Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.... Read more

    Affected Products : webmail roundcube_webmail
    • EPSS Score: %0.41
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0287

    Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly ... Read more

    Affected Products : internet_explorer wordpress
    • EPSS Score: %0.52
    • Published: Jan. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5951

    Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_... Read more

    Affected Products : extplorer
    • EPSS Score: %0.32
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-1772

    Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the... Read more

    Affected Products : struts xwork webwork
    • EPSS Score: %59.44
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0099

    Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.60
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-3622

    Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.... Read more

    Affected Products : mdaemon
    • EPSS Score: %1.05
    • Published: Jul. 09, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2025-25985

    An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.... Read more

    Affected Products : v380e6_c1_firmware v380e6_c1
    • Published: Apr. 18, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 2.6

    LOW
    CVE-2025-27707

    Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 2.6

    LOW
    CVE-2025-46570

    vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (... Read more

    Affected Products : vllm
    • Published: May. 29, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2024-41984

    A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error whi... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2014-4440

    The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.84
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-3820

    konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.... Read more

    Affected Products : konqueror
    • EPSS Score: %1.06
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2022-21929

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • EPSS Score: %0.64
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2012-0475

    Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %0.29
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4929

    The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext ... Read more

    Affected Products : android firefox debian_linux chrome
    • EPSS Score: %13.87
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291335 Results