Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2024-32405

    Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.... Read more

    Affected Products : relate
    • Published: Apr. 22, 2024
    • Modified: Jun. 13, 2025

  • 2.6

    LOW
    CVE-2006-1256

    Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter.... Read more

    Affected Products : php_guestbook
    • EPSS Score: %1.03
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-3872

    Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certific... Read more

    • EPSS Score: %2.78
    • Published: Oct. 27, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-4505

    The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL... Read more

    Affected Products : subversion mod_dontdothat
    • EPSS Score: %1.79
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5908

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.... Read more

    • EPSS Score: %5.87
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-1499

    acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy serv... Read more

    Affected Products : debian_linux tinyproxy
    • EPSS Score: %0.78
    • Published: Apr. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-0492

    Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.... Read more

    Affected Products : acrobat_reader
    • EPSS Score: %1.79
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1848

    Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.... Read more

    Affected Products : linpha
    • EPSS Score: %0.67
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1673

    Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.... Read more

    Affected Products : vbug_tracker
    • EPSS Score: %0.68
    • Published: Apr. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2547

    NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error mess... Read more

    Affected Products : surgemail webmail
    • EPSS Score: %16.00
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-2492

    Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.... Read more

    Affected Products : movable_type movable_type movable_type
    • EPSS Score: %0.36
    • Published: Jul. 17, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1833

    Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the inte... Read more

    Affected Products : netbsd
    • EPSS Score: %0.32
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2366

    ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Tr... Read more

    Affected Products : openobex
    • EPSS Score: %0.39
    • Published: May. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3408

    lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used ... Read more

    Affected Products : puppet_enterprise puppet puppet
    • EPSS Score: %0.26
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5951

    Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_... Read more

    Affected Products : extplorer
    • EPSS Score: %0.32
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-5710

    Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.... Read more

    Affected Products : wordpress
    • EPSS Score: %3.13
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-3507

    Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.... Read more

    Affected Products : webmail roundcube_webmail
    • EPSS Score: %0.41
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-7078

    Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property ... Read more

    Affected Products : typo3
    • EPSS Score: %0.49
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2002-1813

    Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.... Read more

    Affected Products : instant_messenger
    • EPSS Score: %3.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1806

    Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.... Read more

    Affected Products : musicbox
    • EPSS Score: %0.53
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291531 Results