Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2014-2226

    Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : unifi_controller
    • EPSS Score: %0.29
    • Published: Jul. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-2610

    Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.... Read more

    Affected Products : phpraid
    • EPSS Score: %0.41
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3653

    wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.... Read more

    Affected Products : works
    • EPSS Score: %48.98
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-5944

    Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : navboard
    • EPSS Score: %1.35
    • Published: Jan. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-2710

    Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x before 6.x-1.1 for Drupal, when "Append the content title to the end of the breadcrumb" is enabled, allows remote attackers to inject arbitrary web script or HTML via the content title in ... Read more

    Affected Products : drupal zen
    • EPSS Score: %0.36
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2000-1003

    NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.... Read more

    Affected Products : windows_95 windows_98 windows_98se
    • EPSS Score: %9.56
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2020-25374

    CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.... Read more

    Affected Products : privileged_session_manager
    • EPSS Score: %0.16
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2004-1753

    The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and f... Read more

    Affected Products : firefox mozilla navigator
    • EPSS Score: %0.87
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-2712

    Multiple cross-site scripting (XSS) vulnerabilities in the Search API module 7.x-1.x before 7.x-1.1 for Drupal, when supporting manual entry of field identifiers, allow remote attackers to inject arbitrary web script or HTML via vectors related to thrown ... Read more

    Affected Products : drupal search_api
    • EPSS Score: %0.57
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-5514

    Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label.... Read more

    Affected Products : migrate
    • EPSS Score: %0.36
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-2979

    Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum... Read more

    Affected Products : shop
    • EPSS Score: %0.61
    • Published: Jun. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4303

    Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).... Read more

    Affected Products : solaris
    • EPSS Score: %0.71
    • Published: Aug. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4569

    The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cro... Read more

    Affected Products : firefox enterprise_linux
    • EPSS Score: %2.11
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-4607

    Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_dat... Read more

    Affected Products : habari
    • EPSS Score: %2.69
    • Published: Dec. 29, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1945

    Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.... Read more

    Affected Products : awstats awstats
    • EPSS Score: %3.82
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4573

    Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.... Read more

    Affected Products : screen
    • EPSS Score: %1.17
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2002-1030

    Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.68
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2651

    Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.... Read more

    Affected Products : vacation_rental_script
    • EPSS Score: %0.53
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-3511

    Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk.... Read more

    Affected Products : opensolaris
    • EPSS Score: %0.15
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0717

    IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.07
    • Published: Jun. 20, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291335 Results