Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2004-1907

    The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".... Read more

    Affected Products : personal_firewall
    • EPSS Score: %8.54
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0324

    Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.... Read more

    Affected Products : windows_2000 windows_98
    • EPSS Score: %3.55
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4066

    The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico... Read more

    Affected Products : windows_xp
    • EPSS Score: %22.26
    • Published: Aug. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0793

    Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %21.09
    • Published: Nov. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-1879

    Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject ... Read more

    Affected Products : flex_sdk
    • EPSS Score: %9.75
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3160

    Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : simple_file_manager
    • EPSS Score: %0.53
    • Published: Jun. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0273

    pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.... Read more

    Affected Products : pgp4pine
    • EPSS Score: %0.59
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-0266

    Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker mu... Read more

    Affected Products : eticket
    • EPSS Score: %0.40
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2001-1450

    Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause a denial of service (browser crash) via a crafted FTP URL such as "/.#./".... Read more

    Affected Products : internet_explorer
    • EPSS Score: %8.66
    • Published: May. 11, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-1306

    Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header ... Read more

    Affected Products : urlscan
    • EPSS Score: %0.38
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-2362

    Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.... Read more

    Affected Products : moodle
    • EPSS Score: %0.28
    • Published: Jul. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3574

    Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) la... Read more

    Affected Products : pluck pluck
    • EPSS Score: %1.48
    • Published: Aug. 10, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-3822

    Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room... Read more

    Affected Products : webcit
    • EPSS Score: %7.07
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-1999-0396

    A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.... Read more

    Affected Products : netbsd openbsd
    • EPSS Score: %0.66
    • Published: Feb. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5564

    Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in... Read more

    Affected Products : simple_php_forum
    • EPSS Score: %0.28
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-3712

    Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanage... Read more

    Affected Products : mambo
    • EPSS Score: %4.01
    • Published: Aug. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-1515

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PA... Read more

    Affected Products : tomatocms
    • EPSS Score: %0.31
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-0110

    Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %2.70
    • Published: Jan. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-6704

    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.a... Read more

    Affected Products : firepass_4100
    • EPSS Score: %7.08
    • Published: Mar. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0926

    Multiple directory traversal vulnerabilities in Allume StuffIt Standard and Deluxe 9.0, ZipMagic Deluxe 9.0, and StuffIt Expander 9.0.0.21 Engine 9.0.0.21 allow remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1... Read more

    • EPSS Score: %1.10
    • Published: Feb. 28, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291385 Results