Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-1793

    User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.... Read more

    Affected Products : windows_98se
    • EPSS Score: %8.92
    • Published: Jun. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-3574

    Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) la... Read more

    Affected Products : pluck pluck
    • EPSS Score: %1.48
    • Published: Aug. 10, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4975

    Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.... Read more

    Affected Products : messenger
    • EPSS Score: %0.32
    • Published: Sep. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3656

    Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 200607... Read more

    Affected Products : powerpoint
    • EPSS Score: %65.97
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4011

    PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.... Read more

    Affected Products : esupport
    • EPSS Score: %5.04
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0518

    Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %2.19
    • Published: Jun. 05, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3571

    Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.... Read more

    Affected Products : papoo
    • EPSS Score: %10.52
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5588

    The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the... Read more

    Affected Products : drupal email email
    • EPSS Score: %0.21
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1944

    Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.... Read more

    Affected Products : communimail
    • EPSS Score: %0.95
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-1823

    Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head... Read more

    Affected Products : drupal print
    • EPSS Score: %0.52
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2024-39271

    Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: Feb. 12, 2025
    • Modified: Feb. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2007-3807

    Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum before 7.3 allow remote attackers to inject arbitrary web script or HTML via the user name field in the login procedure, and other unspecified vectors.... Read more

    Affected Products : sitescape_forum
    • EPSS Score: %0.48
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2025-0148

    Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2006-1748

    Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling Acti... Read more

    Affected Products : xmb_forum
    • EPSS Score: %0.36
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1904

    Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter.... Read more

    Affected Products : gallery
    • EPSS Score: %0.30
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2997

    Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.... Read more

    Affected Products : zms
    • EPSS Score: %0.61
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2406

    Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing ... Read more

    Affected Products : unclassified_newsboard
    • EPSS Score: %3.36
    • Published: May. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1898

    Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access... Read more

    Affected Products : tinyphpforum
    • EPSS Score: %0.43
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-2006

    Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content para... Read more

    Affected Products : dokeos
    • EPSS Score: %0.54
    • Published: Jun. 08, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1841

    Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.... Read more

    Affected Products : boastmachine
    • EPSS Score: %0.43
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291921 Results