Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2010-1157

    Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm f... Read more

    Affected Products : tomcat
    • EPSS Score: %17.00
    • Published: Apr. 23, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0650

    WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.... Read more

    Affected Products : ubuntu_linux chrome safari
    • EPSS Score: %1.57
    • Published: Feb. 18, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-0820

    Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbo... Read more

    Affected Products : firefox ubuntu_linux opensuse
    • EPSS Score: %0.30
    • Published: Feb. 25, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-0593

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes th... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %1.25
    • Published: Mar. 04, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-2987

    Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.... Read more

    Affected Products : ed
    • EPSS Score: %0.23
    • Published: Aug. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2009-0071

    Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) q... Read more

    Affected Products : firefox
    • EPSS Score: %5.85
    • Published: Jan. 08, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-0737

    Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary w... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.51
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2004-0837

    MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to cause a denial of service (crash or hang) via multiple threads that simultaneously alter MERGE table UNIONs.... Read more

    Affected Products : debian_linux mysql mysql
    • EPSS Score: %2.36
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1721

    digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGES... Read more

    Affected Products : sasl
    • EPSS Score: %3.61
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5215

    The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink... Read more

    Affected Products : solaris sunos netbsd xdm
    • EPSS Score: %0.08
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-4265

    The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 throug... Read more

    • EPSS Score: %1.03
    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4345

    Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.... Read more

    Affected Products : internet_explorer namazu
    • EPSS Score: %0.44
    • Published: Nov. 30, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-4472

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous info... Read more

    Affected Products : jre jdk
    • EPSS Score: %8.00
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-6483

    Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonst... Read more

    Affected Products : coldfusion
    • EPSS Score: %2.00
    • Published: Dec. 12, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-0039

    The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP a... Read more

    • EPSS Score: %0.31
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-0389

    Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.58
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2766

    Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a lon... Read more

    Affected Products : internet_explorer outlook_express ie
    • EPSS Score: %63.44
    • Published: Jun. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1787

    Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.... Read more

    Affected Products : document_server
    • EPSS Score: %1.77
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4567

    Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a mal... Read more

    Affected Products : firefox thunderbird enterprise_linux
    • EPSS Score: %1.86
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3383

    The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access re... Read more

    Affected Products : wordpress
    • EPSS Score: %0.15
    • Published: Jul. 22, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291157 Results