Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-2534

    Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.... Read more

    Affected Products : openvpn
    • EPSS Score: %0.60
    • Published: Aug. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-0808

    Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplet... Read more

    • EPSS Score: %29.56
    • Published: Oct. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2312

    Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.... Read more

    Affected Products : windows skype
    • EPSS Score: %4.38
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4456

    Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by plac... Read more

    Affected Products : mysql mysql
    • EPSS Score: %4.68
    • Published: Oct. 06, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-2051

    The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix ... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.34
    • Published: Jul. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-0898

    Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.... Read more

    Affected Products : crypt_cbc
    • EPSS Score: %1.06
    • Published: Feb. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-4448

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %3.24
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4930

    The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obta... Read more

    Affected Products : firefox chrome
    • EPSS Score: %0.24
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-9478

    Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.28
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-5712

    The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory cons... Read more

    Affected Products : django django
    • EPSS Score: %1.59
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-0537

    DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted sh... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.24
    • Published: Mar. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-0208

    Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are includ... Read more

    Affected Products : php
    • EPSS Score: %3.29
    • Published: Jan. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5238

    Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to ... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %0.98
    • Published: Oct. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-2322

    Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: th... Read more

    Affected Products : fastjar
    • EPSS Score: %0.74
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-1923

    The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to ... Read more

    Affected Products : clamav
    • EPSS Score: %0.66
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-2268

    Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : java_system_access_manager
    • EPSS Score: %0.24
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-2987

    Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.... Read more

    Affected Products : ed
    • EPSS Score: %0.23
    • Published: Aug. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-3612

    Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phorum
    • EPSS Score: %0.30
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2025-2826

    n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.... Read more

    Affected Products : eos
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 2.6

    LOW
    CVE-2021-29473

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading,... Read more

    Affected Products : fedora debian_linux exiv2
    • EPSS Score: %0.14
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results