Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1725

    Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into ex... Read more

    Affected Products : firefox seamonkey
    • EPSS Score: %2.53
    • Published: Apr. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-0808

    Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplet... Read more

    • EPSS Score: %29.56
    • Published: Oct. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4624

    CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.... Read more

    Affected Products : mailman
    • EPSS Score: %2.39
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3110

    Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be m... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %2.47
    • Published: Sep. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2312

    Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.... Read more

    Affected Products : windows skype
    • EPSS Score: %4.38
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4456

    Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by plac... Read more

    Affected Products : mysql mysql
    • EPSS Score: %4.68
    • Published: Oct. 06, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0898

    Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.... Read more

    Affected Products : crypt_cbc
    • EPSS Score: %1.06
    • Published: Feb. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-2207

    pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.... Read more

    Affected Products : fedora glibc
    • EPSS Score: %0.07
    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5772

    Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %1.47
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-1729

    The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.... Read more

    Affected Products : firefox mac_os_x
    • EPSS Score: %0.43
    • Published: Sep. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-3966

    Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid userna... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.43
    • Published: Jun. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-3558

    Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving naviga... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.34
    • Published: Jun. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-6527

    Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.... Read more

    Affected Products : jre
    • EPSS Score: %2.66
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-4208

    Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.... Read more

    Affected Products : jdk jre
    • EPSS Score: %2.09
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2008-5460

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : bea_product_suite
    • EPSS Score: %0.33
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0800

    Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklis... Read more

    Affected Products : postnuke
    • EPSS Score: %7.48
    • Published: Feb. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-5908

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.... Read more

    • EPSS Score: %5.87
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0213

    BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record who... Read more

    Affected Products : bind
    • EPSS Score: %1.56
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-1504

    The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted docum... Read more

    • EPSS Score: %0.61
    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2009-0591

    The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was... Read more

    Affected Products : openssl
    • EPSS Score: %1.84
    • Published: Mar. 27, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291513 Results