Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-3160

    Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : simple_file_manager
    • EPSS Score: %0.53
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2920

    Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.... Read more

    Affected Products : sylpheed sylpheed-claws
    • EPSS Score: %1.10
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4374

    IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.... Read more

    Affected Products : irfanview
    • EPSS Score: %3.96
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-5514

    Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label.... Read more

    Affected Products : migrate
    • EPSS Score: %0.36
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-2712

    Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown ... Read more

    Affected Products : drupal search_api
    • EPSS Score: %0.57
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2852

    Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.... Read more

    Affected Products : runcms
    • EPSS Score: %0.45
    • Published: Jul. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2001-1450

    Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".... Read more

    Affected Products : internet_explorer
    • EPSS Score: %8.66
    • Published: May. 11, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0324

    Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.... Read more

    Affected Products : windows_2000 windows_98
    • EPSS Score: %3.55
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4909

    Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly h... Read more

    Affected Products : guard_ddos_mitigation_appliance
    • EPSS Score: %0.50
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-2710

    Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in ... Read more

    Affected Products : drupal zen
    • EPSS Score: %0.36
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-2268

    Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : java_system_access_manager
    • EPSS Score: %0.24
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-2651

    Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.... Read more

    Affected Products : vacation_rental_script
    • EPSS Score: %0.53
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3612

    Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phorum
    • EPSS Score: %0.30
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1030

    Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.68
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5614

    Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dere... Read more

    • EPSS Score: %88.42
    • Published: Oct. 31, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-4607

    Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_dat... Read more

    Affected Products : habari
    • EPSS Score: %2.69
    • Published: Dec. 29, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-1451

    Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.... Read more

    Affected Products : mozilla
    • EPSS Score: %0.45
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1226

    Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.... Read more

    Affected Products : communicator
    • EPSS Score: %0.50
    • Published: Oct. 28, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2022-31017

    Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they ... Read more

    Affected Products : zulip zulip_server
    • EPSS Score: %0.17
    • Published: Jun. 25, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2000-0280

    Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.... Read more

    Affected Products : realplayer
    • EPSS Score: %3.47
    • Published: Apr. 03, 2000
    • Modified: Apr. 03, 2025
Showing 20 of 291401 Results