Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2002-0284

    Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.... Read more

    Affected Products : winamp
    • EPSS Score: %0.45
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1009

    The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.... Read more

    Affected Products : go_express_search
    • EPSS Score: %0.35
    • Published: Dec. 12, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1489

    Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.41
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1396

    Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.... Read more

    Affected Products : winamp
    • EPSS Score: %2.61
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1001

    Cisco Cache Engine allows a remote attacker to gain access via a null username and password.... Read more

    Affected Products : cache_engine
    • EPSS Score: %0.32
    • Published: Dec. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1444

    The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorr... Read more

    Affected Products : internet_explorer toolbar
    • EPSS Score: %17.10
    • Published: Aug. 15, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-0422

    IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 20... Read more

    Affected Products : internet_information_services
    • EPSS Score: %48.52
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0999

    zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.... Read more

    Affected Products : zgv_image_viewer
    • EPSS Score: %0.74
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0790

    A remote attacker can read information from a Netscape user's cache via JavaScript.... Read more

    Affected Products : communicator
    • EPSS Score: %0.35
    • Published: Apr. 01, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2083

    Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.14
    • Published: Feb. 11, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1909

    Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.... Read more

    Affected Products : clamav clamav
    • EPSS Score: %0.91
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0717

    A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.... Read more

    • EPSS Score: %6.61
    • Published: May. 07, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-2322

    Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: th... Read more

    Affected Products : fastjar
    • EPSS Score: %0.74
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-0591

    The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exi... Read more

    Affected Products : bind
    • EPSS Score: %43.55
    • Published: Jan. 14, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-4208

    Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.... Read more

    Affected Products : jdk jre
    • EPSS Score: %2.09
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-9478

    Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.28
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-6585

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.... Read more

    Affected Products : jdk jre
    • EPSS Score: %1.91
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-4037

    Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.... Read more

    Affected Products : transmission
    • EPSS Score: %0.54
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-5503

    The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or acce... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %0.84
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-4930

    The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obta... Read more

    Affected Products : firefox chrome
    • EPSS Score: %0.24
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291255 Results