Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2022-3521

    A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a pa... Read more

    Affected Products : linux_kernel debian_linux
    • EPSS Score: %0.02
    • Published: Oct. 16, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2006-4210

    nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and shop_mail parameters. NOTE: some of these deta... Read more

    Affected Products : phpay
    • EPSS Score: %5.90
    • Published: Aug. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2414

    Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more

    Affected Products : xpcom
    • EPSS Score: %5.00
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3326

    Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this infor... Read more

    Affected Products : quickzip
    • EPSS Score: %1.43
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3342

    Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd.... Read more

    Affected Products : arctic
    • EPSS Score: %0.62
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3337

    Cross-site scripting (XSS) vulnerability in frontend/x/files/select.html in cPanel 10.8.2-CURRENT 118 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : cpanel
    • EPSS Score: %1.04
    • Published: Jul. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3356

    The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.74
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3402

    The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection vi... Read more

    Affected Products : thunderbird
    • EPSS Score: %0.29
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-6068

    Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.... Read more

    Affected Products : malbum
    • EPSS Score: %0.64
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3484

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) u... Read more

    Affected Products : atutor
    • EPSS Score: %1.15
    • Published: Jul. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4080

    DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.... Read more

    Affected Products : deluxebb
    • EPSS Score: %0.33
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0892

    Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.... Read more

    Affected Products : openlinux u_win
    • EPSS Score: %0.66
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5800

    Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from t... Read more

    Affected Products : xenis.creator_cms
    • EPSS Score: %0.29
    • Published: Nov. 08, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5432

    Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[f... Read more

    Affected Products : phppowercards
    • EPSS Score: %9.39
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-3997

    Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) ... Read more

    Affected Products : zen_cart zen_cart
    • EPSS Score: %0.99
    • Published: Dec. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3848

    Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.... Read more

    Affected Products : ip_calculator
    • EPSS Score: %0.80
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5404

    Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspeci... Read more

    • EPSS Score: %0.71
    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1418

    Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : e-school_management_system
    • EPSS Score: %0.62
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1554

    Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.... Read more

    Affected Products : vsns_lemon
    • EPSS Score: %0.53
    • Published: Mar. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4726

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.... Read more

    Affected Products : coldfusion
    • EPSS Score: %2.04
    • Published: Sep. 14, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291617 Results