Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2013-5772

    Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %1.47
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-0452

    Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink at... Read more

    Affected Products : perl
    • EPSS Score: %0.05
    • Published: Dec. 21, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5559

    Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web scrip... Read more

    Affected Products : ctools
    • EPSS Score: %0.19
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4363

    ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.... Read more

    Affected Products : perl proc\
    • EPSS Score: %0.05
    • Published: Oct. 07, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-3571

    socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based o... Read more

    Affected Products : socat
    • EPSS Score: %0.82
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-3218

    The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the htt... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.66
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4600

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an... Read more

    Affected Products : otrs otrs_itsm
    • EPSS Score: %1.05
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3427

    The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive inform... Read more

    Affected Products : iphone_os apple_tv
    • EPSS Score: %0.31
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-1787

    The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a ClientKeyE... Read more

    Affected Products : openssl
    • EPSS Score: %10.31
    • Published: Mar. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-4534

    org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminatin... Read more

    Affected Products : tomcat
    • EPSS Score: %22.77
    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • EPSS Score: %0.49
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-3560

    Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : jre jdk
    • EPSS Score: %3.51
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-0456

    CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbi... Read more

    • EPSS Score: %14.34
    • Published: Jan. 25, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-4065

    Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka S... Read more

    Affected Products : lotus_inotes lotus_domino
    • EPSS Score: %0.24
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3270

    yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify the SSL certificate for a file download from a Red Hat Network (RHN) server, which makes it easier for remote man-in-the-middle attackers to cause a denial of service (loss of updates) or... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.30
    • Published: Aug. 18, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-4071

    Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.... Read more

    Affected Products : otrs
    • EPSS Score: %0.44
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-5256

    Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.... Read more

    Affected Products : limesurvey
    • EPSS Score: %0.26
    • Published: Feb. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3848

    Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.... Read more

    Affected Products : ip_calculator
    • EPSS Score: %0.80
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-6502

    Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a n... Read more

    Affected Products : internet_explorer
    • EPSS Score: %6.50
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-1903

    Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.... Read more

    Affected Products : sonicbb
    • EPSS Score: %1.06
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291216 Results