Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1701

    Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.... Read more

    Affected Products : shadowed_portal
    • EPSS Score: %0.76
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1444

    The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorr... Read more

    Affected Products : internet_explorer toolbar
    • EPSS Score: %17.10
    • Published: Aug. 15, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0726

    CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.... Read more

    Affected Products : mailers
    • EPSS Score: %0.50
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1674

    Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675.... Read more

    Affected Products : phpwebgallery
    • EPSS Score: %0.35
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3044

    Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page.... Read more

    Affected Products : logisphere
    • EPSS Score: %0.52
    • Published: Jun. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-0422

    IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 20... Read more

    Affected Products : internet_information_services
    • EPSS Score: %48.52
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1489

    Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.41
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1396

    Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.... Read more

    Affected Products : winamp
    • EPSS Score: %2.61
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3050

    Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.... Read more

    Affected Products : sixcms
    • EPSS Score: %5.60
    • Published: Jun. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1347

    ** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and... Read more

    Affected Products : acrobat_reader
    • EPSS Score: %8.23
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2414

    Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more

    Affected Products : xpcom
    • EPSS Score: %5.00
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3038

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_room_rent
    • EPSS Score: %0.50
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0348

    Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.... Read more

    Affected Products : realarcade
    • EPSS Score: %1.22
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2262

    Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter.... Read more

    Affected Products : singapore
    • EPSS Score: %4.02
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-5309

    Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. N... Read more

    Affected Products : fudforum fudforum
    • EPSS Score: %0.30
    • Published: Aug. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-2492

    Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.... Read more

    Affected Products : movable_type movable_type movable_type
    • EPSS Score: %0.36
    • Published: Jul. 17, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1673

    Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.... Read more

    Affected Products : vbug_tracker
    • EPSS Score: %0.68
    • Published: Apr. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1120

    Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in ... Read more

    Affected Products : dcp-portal
    • EPSS Score: %1.45
    • Published: Mar. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-1614

    Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form... Read more

    Affected Products : leap
    • EPSS Score: %0.23
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-0456

    CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbi... Read more

    • EPSS Score: %14.34
    • Published: Jan. 25, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291274 Results