Latest CVE Feed
-
2.6
LOWCVE-2011-4872
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802... Read more
Affected Products : evo_3d evo_4g droid_incredible desire_hd desire_s glacier sensation_4g sensation_z710e thunderbolt_4g- EPSS Score: %0.65
- Published: Feb. 05, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2009-4652
The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOT... Read more
- EPSS Score: %1.11
- Published: Feb. 26, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2006-1759
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter.... Read more
Affected Products : confixx- EPSS Score: %0.76
- Published: Apr. 13, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-3731
Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to th... Read more
Affected Products : firefox- EPSS Score: %0.66
- Published: Jul. 21, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2006-1815
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than ... Read more
Affected Products : tritanium_bulletin_board- EPSS Score: %0.42
- Published: Apr. 18, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2013-4944
Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship... Read more
- EPSS Score: %0.26
- Published: Jul. 29, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2006-1752
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.... Read more
Affected Products : mvblog- EPSS Score: %0.43
- Published: Apr. 12, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2022-21929
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more
Affected Products : edge_chromium- EPSS Score: %0.64
- Published: Jan. 11, 2022
- Modified: Nov. 21, 2024
-
2.6
LOWCVE-2012-0475
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH... Read more
- EPSS Score: %0.29
- Published: Apr. 25, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2014-6558
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.... Read more
- EPSS Score: %2.25
- Published: Oct. 15, 2014
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2013-2236
Stack-based buffer overflow in the new_msg_lsa_change_notify function in the OSPFD API (ospf_api.c) in Quagga before 0.99.22.2, when --enable-opaque-lsa and the -a command line option are used, allows remote attackers to cause a denial of service (crash) ... Read more
Affected Products : quagga- EPSS Score: %0.96
- Published: Oct. 24, 2013
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2006-4914
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then acc... Read more
Affected Products : a.l-pifou- EPSS Score: %0.84
- Published: Sep. 21, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2012-4929
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext ... Read more
- EPSS Score: %13.87
- Published: Sep. 15, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2012-4930
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obta... Read more
- EPSS Score: %0.24
- Published: Sep. 15, 2012
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2008-5503
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or acce... Read more
- EPSS Score: %0.84
- Published: Dec. 17, 2008
- Modified: Apr. 09, 2025
-
2.6
LOWCVE-2014-9478
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates... Read more
Affected Products : mediawiki- EPSS Score: %0.28
- Published: Jan. 16, 2015
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2006-0208
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are includ... Read more
Affected Products : php- EPSS Score: %3.29
- Published: Jan. 13, 2006
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2015-4926
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX.... Read more
Affected Products : e-business_suite- EPSS Score: %0.31
- Published: Jan. 21, 2016
- Modified: Apr. 12, 2025
-
2.6
LOWCVE-2010-0537
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted sh... Read more
- EPSS Score: %0.24
- Published: Mar. 30, 2010
- Modified: Apr. 11, 2025
-
2.6
LOWCVE-2012-4037
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.... Read more
Affected Products : transmission- EPSS Score: %0.54
- Published: Aug. 15, 2012
- Modified: Apr. 11, 2025