Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2013-4065

    Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka S... Read more

    Affected Products : lotus_inotes lotus_domino
    • EPSS Score: %0.24
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-1253

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.... Read more

    Affected Products : webmail roundcube_webmail
    • EPSS Score: %0.25
    • Published: Jun. 04, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-1164

    slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.... Read more

    Affected Products : openldap
    • EPSS Score: %15.20
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-2694

    Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username par... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • EPSS Score: %3.38
    • Published: Jul. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2018-1002102

    Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redire... Read more

    Affected Products : fedora kubernetes
    • EPSS Score: %0.28
    • Published: Dec. 05, 2019
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2011-3218

    The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the htt... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.66
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4534

    org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminatin... Read more

    Affected Products : tomcat
    • EPSS Score: %22.77
    • Published: Dec. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-0962

    Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.32
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3427

    The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive inform... Read more

    Affected Products : iphone_os apple_tv
    • EPSS Score: %0.31
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-3560

    Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : jre jdk
    • EPSS Score: %3.51
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • EPSS Score: %0.49
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4600

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an... Read more

    Affected Products : otrs otrs_itsm
    • EPSS Score: %1.05
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5772

    Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat.... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %1.47
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3558

    Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving naviga... Read more

    Affected Products : opera_browser
    • EPSS Score: %0.34
    • Published: Jun. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1786

    Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is n... Read more

    Affected Products : document_server
    • EPSS Score: %5.47
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0452

    Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink at... Read more

    Affected Products : perl
    • EPSS Score: %0.05
    • Published: Dec. 21, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-5667

    Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.... Read more

    Affected Products : html-scrubber
    • EPSS Score: %0.48
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-2751

    The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors in... Read more

    Affected Products : firefox seamonkey
    • EPSS Score: %0.25
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-5559

    Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web scrip... Read more

    Affected Products : ctools
    • EPSS Score: %0.19
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3552

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Ne... Read more

    Affected Products : jre jdk
    • EPSS Score: %0.97
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291589 Results