Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-3550

    Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."... Read more

    Affected Products : firepass_4100
    • EPSS Score: %0.71
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0006

    strace allows local users to read arbitrary files via memory mapped file names.... Read more

    Affected Products : linux_kernel strace
    • EPSS Score: %0.18
    • Published: Dec. 25, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0092

    A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %18.36
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1453

    Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %43.37
    • Published: Feb. 02, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0767

    The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %12.57
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3241

    Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.... Read more

    Affected Products : xennobb
    • EPSS Score: %0.43
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1115

    nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute ... Read more

    Affected Products : chil mscapi_csp ncipher_software_cd
    • EPSS Score: %0.54
    • Published: Mar. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3265

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters.... Read more

    Affected Products : qdig
    • EPSS Score: %0.53
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1680

    Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php.... Read more

    Affected Products : jupiter_cms
    • EPSS Score: %0.40
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3399

    Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632.... Read more

    Affected Products : moniwiki
    • EPSS Score: %0.70
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0749

    Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.... Read more

    Affected Products : windows_95 windows_98
    • EPSS Score: %23.09
    • Published: Aug. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5414

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit... Read more

    Affected Products : firefox
    • EPSS Score: %0.25
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-5375

    Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that ... Read more

    Affected Products : java_virtual_machine
    • EPSS Score: %0.37
    • Published: Oct. 11, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2000-0503

    The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %11.11
    • Published: Jun. 06, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3284

    Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.... Read more

    Affected Products : dating_agent_pro
    • EPSS Score: %0.43
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0793

    Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %21.09
    • Published: Nov. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4909

    Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly h... Read more

    Affected Products : guard_ddos_mitigation_appliance
    • EPSS Score: %0.50
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4066

    The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico... Read more

    Affected Products : windows_xp
    • EPSS Score: %22.26
    • Published: Aug. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-5315

    Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th... Read more

    Affected Products : drupal scald
    • EPSS Score: %0.73
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-2710

    Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in ... Read more

    Affected Products : drupal zen
    • EPSS Score: %0.36
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291394 Results