Latest CVE Feed
-
2.6
LOWCVE-2013-5315
Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th... Read more
- EPSS Score: %0.73
- Published: Aug. 19, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-1999-0827
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing.... Read more
- EPSS Score: %0.88
- Published: Nov. 01, 1999
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2012-2723
Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more
- EPSS Score: %0.43
- Published: Jun. 27, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2008-0266
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker mu... Read more
Affected Products : eticket- EPSS Score: %0.40
- Published: Jan. 15, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-1999-0870
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.... Read more
Affected Products : internet_explorer- EPSS Score: %9.12
- Published: Oct. 01, 1998
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2015-4346
Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to messag... Read more
Affected Products : sms_framework- EPSS Score: %0.28
- Published: Jun. 15, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input,... Read more
Affected Products : viewvc- EPSS Score: %0.60
- Published: Mar. 31, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2013-2139
Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.... Read more
- EPSS Score: %1.81
- Published: Jan. 16, 2014
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2014-4721
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attac... Read more
- EPSS Score: %4.62
- Published: Jul. 06, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2006-2572
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.... Read more
Affected Products : dgbook- EPSS Score: %0.56
- Published: May. 24, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2024-20911
Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracl... Read more
Affected Products : audit_vault_and_database_firewall- Published: Feb. 17, 2024
- Modified: Mar. 27, 2025
-
2.6
LOWCVE-2006-2571
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.... Read more
Affected Products : opencms- EPSS Score: %0.62
- Published: May. 24, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2024-47784
Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.... Read more
Affected Products :- Published: Apr. 30, 2025
- Modified: May. 02, 2025
- Vuln Type: Authentication
-
2.6
LOWCVE-2015-8577
The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows atta... Read more
Affected Products : virusscan_enterprise- EPSS Score: %0.02
- Published: Dec. 16, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2015-2047
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.... Read more
- EPSS Score: %0.77
- Published: Feb. 23, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2006-2765
Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter.... Read more
Affected Products : interlink_advantage- EPSS Score: %0.41
- Published: Jun. 02, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2728
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.... Read more
Affected Products : photoalbum_bandw- EPSS Score: %0.62
- Published: Jun. 01, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2729
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained sol... Read more
Affected Products : photoalbum_bandw- EPSS Score: %0.34
- Published: Jun. 01, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-2653
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.... Read more
Affected Products : dsa-3100_airspot_gateway- EPSS Score: %0.70
- Published: May. 30, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2005-2414
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more
Affected Products : xpcom- EPSS Score: %5.00
- Published: Aug. 03, 2005
- Modified: Apr. 03, 2025