Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2002-0284

    Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.... Read more

    Affected Products : winamp
    • EPSS Score: %0.45
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1331

    The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %27.11
    • Published: Nov. 16, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0685

    Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.... Read more

    Affected Products : fcron
    • EPSS Score: %0.16
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0091

    The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %13.45
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1795

    Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field.... Read more

    Affected Products : at1_event_publisher
    • EPSS Score: %0.34
    • Published: Apr. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-6627

    The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743.... Read more

    Affected Products : android
    • EPSS Score: %0.16
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a... Read more

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025

  • 2.6

    LOW
    CVE-2014-2000

    The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.... Read more

    Affected Products : 050_plus
    • EPSS Score: %0.29
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-3737

    Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.p... Read more

    Affected Products : storesprite
    • EPSS Score: %0.62
    • Published: Jul. 02, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-7412

    The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain... Read more

    Affected Products : datapower_gateway
    • EPSS Score: %0.21
    • Published: Nov. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-2366

    ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Tr... Read more

    Affected Products : openobex
    • EPSS Score: %0.39
    • Published: May. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2258

    Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.... Read more

    Affected Products : maxxschedule
    • EPSS Score: %0.62
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0585

    Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %1.35
    • Published: Mar. 25, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0402

    Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.... Read more

    Affected Products : firefox
    • EPSS Score: %1.44
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2572

    Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.... Read more

    Affected Products : dgbook
    • EPSS Score: %0.56
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2571

    Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.... Read more

    Affected Products : opencms
    • EPSS Score: %0.62
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-8577

    The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows atta... Read more

    Affected Products : virusscan_enterprise
    • EPSS Score: %0.02
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-2047

    The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.... Read more

    Affected Products : debian_linux typo3
    • EPSS Score: %0.77
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-5951

    Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_... Read more

    Affected Products : extplorer
    • EPSS Score: %0.32
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-3634

    methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors.... Read more

    Affected Products : ubuntu_linux advanced_package_tool
    • EPSS Score: %0.16
    • Published: Mar. 01, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291739 Results