Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1752

    Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment.... Read more

    Affected Products : mvblog
    • EPSS Score: %0.43
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1815

    Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than ... Read more

    Affected Products : tritanium_bulletin_board
    • EPSS Score: %0.42
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2022-35648

    Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the po... Read more

    Affected Products : t618_firmware t616_firmware t618 t616
    • EPSS Score: %0.08
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2009-0455

    Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.... Read more

    Affected Products : glfusion
    • EPSS Score: %1.10
    • Published: Feb. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4369

    Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.... Read more

    Affected Products : integramod_portal
    • EPSS Score: %8.37
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3841

    Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before bein... Read more

    Affected Products : webscarab
    • EPSS Score: %0.56
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4549

    The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlide... Read more

    Affected Products : imageshack_toolbar
    • EPSS Score: %6.72
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-1683

    Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.... Read more

    Affected Products : word
    • EPSS Score: %15.13
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3246

    Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter.... Read more

    Affected Products : deaf_forum
    • EPSS Score: %0.53
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-2632

    SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 through 3.75, SEIL/X2 2.30 through 3.75, and SEIL/B1 2.30 through 3.75, when the http-proxy and application-gateway features are enabled, do not properly handle the CONNECT command, which... Read more

    Affected Products : b1_firmware b1 x1 x2 x86_firmware
    • EPSS Score: %0.18
    • Published: Jun. 15, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0856

    Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: ... Read more

    Affected Products : ffmpeg
    • EPSS Score: %1.14
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1808

    Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation.... Read more

    Affected Products : lifetype
    • EPSS Score: %0.67
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3365

    V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.... Read more

    Affected Products : v3_chat
    • EPSS Score: %0.70
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4011

    PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.... Read more

    Affected Products : esupport
    • EPSS Score: %5.04
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1642

    Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm... Read more

    Affected Products : interact
    • EPSS Score: %0.43
    • Published: Apr. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0329

    Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.... Read more

    Affected Products : zipgenius
    • EPSS Score: %0.85
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4975

    Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.... Read more

    Affected Products : messenger
    • EPSS Score: %0.32
    • Published: Sep. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-4652

    The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOT... Read more

    Affected Products : ngircd ngircd
    • EPSS Score: %1.11
    • Published: Feb. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3300

    IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.59
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2000-0518

    Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %2.19
    • Published: Jun. 05, 2000
    • Modified: Apr. 03, 2025
Showing 20 of 291750 Results