Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-4357

    Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.... Read more

    Affected Products : phpbb
    • EPSS Score: %1.42
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3921

    Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buf... Read more

    Affected Products : ios
    • EPSS Score: %1.60
    • Published: Nov. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0802

    Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation ope... Read more

    Affected Products : postnuke
    • EPSS Score: %0.53
    • Published: Feb. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0388

    Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.41
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0433

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash)... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.71
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2001-0685

    Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.... Read more

    Affected Products : fcron
    • EPSS Score: %0.16
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-0284

    Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.... Read more

    Affected Products : winamp
    • EPSS Score: %0.45
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0091

    The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %13.45
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2025-55285

    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. Prior to version 2.1.1, duplicate logging of the input values in the fetch:template action in the Scaffolder meant that some of the secrets were not properly... Read more

    Affected Products : backstage
    • Published: Aug. 15, 2025
    • Modified: Aug. 18, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-1999-0717

    A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.... Read more

    • EPSS Score: %6.61
    • Published: May. 07, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0553

    Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.... Read more

    Affected Products : ipfilter
    • EPSS Score: %0.44
    • Published: May. 26, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0790

    A remote attacker can read information from a Netscape user's cache via JavaScript.... Read more

    Affected Products : communicator
    • EPSS Score: %0.35
    • Published: Apr. 01, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1001

    Cisco Cache Engine allows a remote attacker to gain access via a null username and password.... Read more

    Affected Products : cache_engine
    • EPSS Score: %0.32
    • Published: Dec. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1009

    The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.... Read more

    Affected Products : go_express_search
    • EPSS Score: %0.35
    • Published: Dec. 12, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0849

    Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.... Read more

    Affected Products : windows_media_services
    • EPSS Score: %9.56
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0892

    Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.... Read more

    Affected Products : openlinux u_win
    • EPSS Score: %0.66
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-37181

    Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Race Condition

  • 2.6

    LOW
    CVE-2014-6502

    Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • EPSS Score: %3.02
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • EPSS Score: %0.49
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-0962

    Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.32
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291570 Results