Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2012-5588

    The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the... Read more

    Affected Products : drupal email email
    • EPSS Score: %0.21
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-0381

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2014-0445.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.52
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3571

    Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.... Read more

    Affected Products : papoo
    • EPSS Score: %10.52
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3510

    The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStrin... Read more

    Affected Products : ie
    • EPSS Score: %43.43
    • Published: Jul. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-1353

    ghostscript before 6.51 allows local users to read and write arbitrary files as the 'lp' user via the file operator, even with -dSAFER enabled.... Read more

    Affected Products : ghostscript
    • EPSS Score: %0.07
    • Published: Sep. 18, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-1517

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.32
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2000-0132

    Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.... Read more

    Affected Products : virtual_machine
    • EPSS Score: %6.57
    • Published: Jan. 31, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5564

    Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in... Read more

    Affected Products : simple_php_forum
    • EPSS Score: %0.28
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2003-0956

    Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being rea... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-6980

    The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.... Read more

    Affected Products : album_browser
    • EPSS Score: %0.45
    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-3129

    Cross-site scripting (XSS) vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter.... Read more

    Affected Products : utopia_news_pro
    • EPSS Score: %0.54
    • Published: Jun. 19, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1976

    Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field.... Read more

    Affected Products : prayer_request_board
    • EPSS Score: %0.30
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4919

    Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.... Read more

    Affected Products : siteatschool
    • EPSS Score: %1.01
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2011

    Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the nickname, probably involving the user_name parameter in register.php.... Read more

    Affected Products : 4images
    • EPSS Score: %0.62
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3043

    Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter.... Read more

    Affected Products : cfxe-cms
    • EPSS Score: %0.62
    • Published: Jun. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-2854

    Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters,... Read more

    Affected Products : event_horizon
    • EPSS Score: %0.26
    • Published: Jul. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2651

    Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.... Read more

    Affected Products : vacation_rental_script
    • EPSS Score: %0.53
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5914

    Multiple cross-site scripting (XSS) vulnerabilities in the sed_import function in system/functions.php in Neocrome Seditio build 160 and 161 allow remote attackers to inject arbitrary web script or HTML via the (1) newmsg or (2) rtext parameter. NOTE: so... Read more

    Affected Products : seditio
    • EPSS Score: %0.48
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2002-1030

    Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.68
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-1558

    The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, in... Read more

    Affected Products : apop_protocol
    • EPSS Score: %3.38
    • Published: Apr. 16, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291394 Results