Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2015-4812

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module.... Read more

    Affected Products : http_server fusion_middleware
    • EPSS Score: %0.32
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-5587

    Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 du... Read more

    Affected Products : rt request_tracker
    • EPSS Score: %0.41
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-7046

    The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root p... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • EPSS Score: %0.74
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-1858

    The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or hav... Read more

    Affected Products : tomcat
    • EPSS Score: %6.28
    • Published: May. 10, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2011-2642

    Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ta... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.67
    • Published: Aug. 01, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4484

    Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow wh... Read more

    Affected Products : php
    • EPSS Score: %4.17
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4570

    Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or... Read more

    Affected Products : thunderbird seamonkey
    • EPSS Score: %0.87
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-2788

    Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.66
    • Published: Apr. 27, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3174

    Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.... Read more

    Affected Products : squirrelmail
    • EPSS Score: %1.16
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-1796

    The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for ... Read more

    • EPSS Score: %0.36
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3457

    Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in whi... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.59
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-3326

    Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).... Read more

    Affected Products : moodle
    • EPSS Score: %0.55
    • Published: Jul. 25, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-2727

    The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which mi... Read more

    Affected Products : php
    • EPSS Score: %0.58
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-2960

    Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.68
    • Published: Jul. 02, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-5273

    Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate ... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %6.51
    • Published: Oct. 08, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-5161

    Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IB... Read more

    • EPSS Score: %3.39
    • Published: Nov. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-1999-0468

    Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %4.29
    • Published: Apr. 09, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-1645

    The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.... Read more

    Affected Products : drupal cdn
    • EPSS Score: %0.59
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-4679

    CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.71
    • Published: Nov. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-2602

    Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.... Read more

    Affected Products : firefox thunderbird
    • EPSS Score: %0.45
    • Published: Aug. 17, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291385 Results