Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2003-1582

    Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by i... Read more

    Affected Products : internet_information_server
    • EPSS Score: %4.96
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-2712

    Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : wicket
    • EPSS Score: %4.02
    • Published: Aug. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3975

    A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a li... Read more

    Affected Products : android evo_3d evo_4g thunderbolt
    • EPSS Score: %0.36
    • Published: Oct. 03, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2729

    Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained sol... Read more

    Affected Products : photoalbum_bandw
    • EPSS Score: %0.34
    • Published: Jun. 01, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1946

    Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter ... Read more

    Affected Products : visale
    • EPSS Score: %0.97
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1943

    Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgot... Read more

    Affected Products : intellilink_pro
    • EPSS Score: %0.95
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4549

    The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlide... Read more

    Affected Products : imageshack_toolbar
    • EPSS Score: %6.72
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1918

    Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to inject arbitrary web script or HTML via the menuid parameter to (1) index.php or (2) forum.php, or the (3) reporeid_print parameter to print.php.... Read more

    Affected Products : papoo
    • EPSS Score: %0.41
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1683

    Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.... Read more

    Affected Products : word
    • EPSS Score: %15.13
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1476

    Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan hors... Read more

    Affected Products : windows_xp
    • EPSS Score: %17.20
    • Published: Mar. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-4783

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner paramet... Read more

    Affected Products : easy_banner_free
    • EPSS Score: %4.38
    • Published: Apr. 07, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0640

    Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.... Read more

    Affected Products : ehealth_performance_manager
    • EPSS Score: %0.25
    • Published: Feb. 24, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2024-1949

    A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts. ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Feb. 29, 2024
    • Modified: Dec. 13, 2024

  • 2.6

    LOW
    CVE-2006-2891

    Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.... Read more

    Affected Products : pixelpost
    • EPSS Score: %0.49
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1696

    Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter... Read more

    Affected Products : postnuke
    • EPSS Score: %0.30
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4527

    includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion... Read more

    Affected Products : cubecart
    • EPSS Score: %0.46
    • Published: Sep. 01, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2519

    Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this is... Read more

    Affected Products : phpwcms
    • EPSS Score: %1.86
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2789

    Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-add... Read more

    Affected Products : evolution
    • EPSS Score: %0.79
    • Published: Jun. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0726

    CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.... Read more

    Affected Products : mailers
    • EPSS Score: %0.40
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3245

    Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.... Read more

    Affected Products : mvnforum
    • EPSS Score: %0.56
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291728 Results