Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2007-3822

    Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room... Read more

    Affected Products : webcit
    • EPSS Score: %7.07
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1761

    Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS a... Read more

    Affected Products : blur6ex
    • EPSS Score: %0.50
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0396

    A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.... Read more

    Affected Products : netbsd openbsd
    • EPSS Score: %0.66
    • Published: Feb. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2913

    Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.... Read more

    Affected Products : selectapix
    • EPSS Score: %0.74
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0869

    Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.... Read more

    Affected Products : internet_explorer navigator
    • EPSS Score: %13.00
    • Published: Dec. 01, 1998
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1576

    The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file... Read more

    Affected Products : firefox
    • EPSS Score: %0.49
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-1521

    Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.... Read more

    Affected Products : postnuke
    • EPSS Score: %0.35
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1750

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters.... Read more

    Affected Products : autogallery
    • EPSS Score: %0.57
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-4831

    Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.... Read more

    Affected Products : torrenttrader
    • EPSS Score: %0.33
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3063

    Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text par... Read more

    Affected Products : myphp_guestbook
    • EPSS Score: %0.42
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0518

    Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %2.19
    • Published: Jun. 05, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4071

    Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafte... Read more

    Affected Products : windows_2003_server windows_xp
    • EPSS Score: %22.84
    • Published: Aug. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0089

    Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %38.30
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1615

    Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.57
    • Published: Oct. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3656

    Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 200607... Read more

    Affected Products : powerpoint
    • EPSS Score: %65.97
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4011

    PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.... Read more

    Affected Products : esupport
    • EPSS Score: %5.04
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0190

    Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ?... Read more

    Affected Products : realplayer realone_player
    • EPSS Score: %3.11
    • Published: Sep. 29, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-32771

    An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary n... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Sep. 06, 2024
    • Modified: Sep. 20, 2024

  • 2.6

    LOW
    CVE-2014-3886

    Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.... Read more

    Affected Products : webmin
    • EPSS Score: %0.25
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-1157

    Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm f... Read more

    Affected Products : tomcat
    • EPSS Score: %17.00
    • Published: Apr. 23, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 291219 Results