Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2004-1331

    The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %27.11
    • Published: Nov. 16, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0091

    The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %13.45
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2717

    Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.... Read more

    Affected Products : phpmychat
    • EPSS Score: %2.24
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1813

    Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.... Read more

    Affected Products : instant_messenger
    • EPSS Score: %3.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1001

    Cisco Cache Engine allows a remote attacker to gain access via a null username and password.... Read more

    Affected Products : cache_engine
    • EPSS Score: %0.32
    • Published: Dec. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0836

    Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.... Read more

    Affected Products : thunderbird
    • EPSS Score: %4.49
    • Published: Feb. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2530

    Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • EPSS Score: %5.78
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1495

    The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.... Read more

    Affected Products : winrar
    • EPSS Score: %0.91
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0724

    profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new... Read more

    Affected Products : magic_news_lite
    • EPSS Score: %0.73
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0641

    Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of... Read more

    Affected Products : undercover
    • EPSS Score: %0.34
    • Published: Feb. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0849

    Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.... Read more

    Affected Products : windows_media_services
    • EPSS Score: %9.56
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-2177

    BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.32
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0770

    Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the prove... Read more

    Affected Products : mybulletinboard
    • EPSS Score: %0.41
    • Published: Feb. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4164

    cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.... Read more

    Affected Products : memht_portal
    • EPSS Score: %1.98
    • Published: Sep. 22, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1554

    Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.... Read more

    Affected Products : vsns_lemon
    • EPSS Score: %0.53
    • Published: Mar. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1324

    The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.... Read more

    • EPSS Score: %16.72
    • Published: Dec. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0704

    iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error messa... Read more

    Affected Products : ie_integrator
    • EPSS Score: %0.39
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0892

    Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.... Read more

    Affected Products : openlinux u_win
    • EPSS Score: %0.66
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0685

    Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.... Read more

    Affected Products : fcron
    • EPSS Score: %0.16
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0790

    A remote attacker can read information from a Netscape user's cache via JavaScript.... Read more

    Affected Products : communicator
    • EPSS Score: %0.35
    • Published: Apr. 01, 2000
    • Modified: Apr. 03, 2025
Showing 20 of 291141 Results