Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2015-5281

    The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the co... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.06
    • Published: Nov. 24, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-0954

    APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (M... Read more

    Affected Products : advanced_package_tool apt
    • EPSS Score: %0.37
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-4937

    senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.... Read more

    Affected Products : openoffice.org
    • EPSS Score: %0.04
    • Published: Nov. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-2051

    The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix ... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.34
    • Published: Jul. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4624

    CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.... Read more

    Affected Products : mailman
    • EPSS Score: %2.39
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-1157

    Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm f... Read more

    Affected Products : tomcat
    • EPSS Score: %17.00
    • Published: Apr. 23, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-0586

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %0.69
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1449

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.... Read more

    Affected Products : thunderbird mozilla firebird
    • EPSS Score: %0.35
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0190

    Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ?... Read more

    Affected Products : realplayer realone_player
    • EPSS Score: %3.11
    • Published: Sep. 29, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-0650

    WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.... Read more

    Affected Products : ubuntu_linux chrome safari
    • EPSS Score: %1.57
    • Published: Feb. 18, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-5712

    The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory cons... Read more

    Affected Products : django django
    • EPSS Score: %1.59
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-1923

    The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to ... Read more

    Affected Products : clamav
    • EPSS Score: %0.66
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-5183

    Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.44
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4037

    Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.... Read more

    Affected Products : transmission
    • EPSS Score: %0.54
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-3094

    The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malforme... Read more

    Affected Products : fedora debian_linux http_server
    • EPSS Score: %3.28
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-0537

    DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted sh... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.24
    • Published: Mar. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0730

    The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.... Read more

    • EPSS Score: %1.48
    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-5238

    Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to ... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %0.98
    • Published: Oct. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-0591

    The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was... Read more

    Affected Products : openssl
    • EPSS Score: %1.84
    • Published: Mar. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-6585

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.... Read more

    Affected Products : jdk jre
    • EPSS Score: %1.91
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291401 Results