Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2007-5420

    The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and ... Read more

    Affected Products : 3crwe554g72t
    • EPSS Score: %0.56
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-5293

    Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.... Read more

    Affected Products : idmos
    • EPSS Score: %6.50
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3795

    Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.... Read more

    Affected Products : deluxebb
    • EPSS Score: %0.56
    • Published: Jul. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-4494

    Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.... Read more

    Affected Products : spip
    • EPSS Score: %0.53
    • Published: Dec. 22, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3848

    Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.... Read more

    Affected Products : ip_calculator
    • EPSS Score: %0.80
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5363

    Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 10.1.2.0.1 and Collaboration Suite 10.1.2 has unknown impact and remote attack vectors, aka Vuln# SSO02.... Read more

    • EPSS Score: %0.75
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0388

    Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.41
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1457

    Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %1.23
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5578

    Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerabil... Read more

    Affected Products : ie
    • EPSS Score: %47.87
    • Published: Dec. 12, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-6677

    ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.... Read more

    Affected Products : nod32_antivirus nod32_antivirus
    • EPSS Score: %1.06
    • Published: Dec. 21, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2004-2083

    Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.14
    • Published: Feb. 11, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-3300

    Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attacker... Read more

    Affected Products : identity_provider service_provider
    • EPSS Score: %0.32
    • Published: Nov. 06, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-4883

    Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.... Read more

    Affected Products : modx_revolution revolution
    • EPSS Score: %8.86
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-5681

    QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • EPSS Score: %0.65
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-5143

    McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.... Read more

    Affected Products : virusscan_enterprise
    • EPSS Score: %0.05
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4673

    Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.... Read more

    Affected Products : phpfusion php_fusion
    • EPSS Score: %0.60
    • Published: Sep. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0802

    Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation ope... Read more

    Affected Products : postnuke
    • EPSS Score: %0.53
    • Published: Feb. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-3634

    methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.... Read more

    Affected Products : ubuntu_linux advanced_package_tool
    • EPSS Score: %0.16
    • Published: Mar. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2004-1909

    Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.... Read more

    Affected Products : clamav clamav
    • EPSS Score: %0.91
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4650

    Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memor... Read more

    Affected Products : ios
    • EPSS Score: %0.49
    • Published: Sep. 09, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291623 Results