Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-4527

    includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion... Read more

    Affected Products : cubecart
    • EPSS Score: %0.46
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-2177

    BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.32
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4739

    Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.... Read more

    Affected Products : jetbox_cms
    • EPSS Score: %0.33
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1813

    Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.... Read more

    Affected Products : instant_messenger
    • EPSS Score: %3.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0091

    The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %13.45
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3402

    The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection vi... Read more

    Affected Products : thunderbird
    • EPSS Score: %0.29
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1324

    The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.... Read more

    • EPSS Score: %16.72
    • Published: Dec. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4080

    DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.... Read more

    Affected Products : deluxebb
    • EPSS Score: %0.33
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2414

    Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more

    Affected Products : xpcom
    • EPSS Score: %5.00
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3997

    Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) ... Read more

    Affected Products : zen_cart zen_cart
    • EPSS Score: %0.99
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4259

    Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability.... Read more

    Affected Products : fotopholder
    • EPSS Score: %0.40
    • Published: Aug. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1009

    The Disney Go Express Search allows remote attackers to access and modify search information for users by connecting to an HTTP server on the user's system.... Read more

    Affected Products : go_express_search
    • EPSS Score: %0.35
    • Published: Dec. 12, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0790

    A remote attacker can read information from a Netscape user's cache via JavaScript.... Read more

    Affected Products : communicator
    • EPSS Score: %0.35
    • Published: Apr. 01, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0445

    The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to... Read more

    • EPSS Score: %35.05
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1957

    Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile ... Read more

    Affected Products : postnuke
    • EPSS Score: %0.48
    • Published: Apr. 21, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4210

    nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these deta... Read more

    Affected Products : phpay
    • EPSS Score: %5.90
    • Published: Aug. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0849

    Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.... Read more

    Affected Products : windows_media_services
    • EPSS Score: %9.56
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1001

    Cisco Cache Engine allows a remote attacker to gain access via a null username and password.... Read more

    Affected Products : cache_engine
    • EPSS Score: %0.32
    • Published: Dec. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1331

    The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %27.11
    • Published: Nov. 16, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0717

    A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.... Read more

    • EPSS Score: %6.61
    • Published: May. 07, 1999
    • Modified: Apr. 03, 2025
Showing 20 of 291368 Results