Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-2343

    Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which p... Read more

    • EPSS Score: %1.95
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5451

    Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the admi... Read more

    Affected Products : torrentflux
    • EPSS Score: %1.10
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-2907

    Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web ... Read more

    Affected Products : drupal aberdeen
    • EPSS Score: %0.54
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4975

    Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.... Read more

    Affected Products : messenger
    • EPSS Score: %0.32
    • Published: Sep. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-0956

    Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being rea... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2913

    Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.... Read more

    Affected Products : selectapix
    • EPSS Score: %0.74
    • Published: Jun. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3300

    IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.59
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-1999-0869

    Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.... Read more

    Affected Products : internet_explorer navigator
    • EPSS Score: %13.00
    • Published: Dec. 01, 1998
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-2703

    Cross-site scripting (XSS) vulnerability in the Advertisement module 6.x-2.x before 6.x-2.3 for Drupal, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to the "$conf variable in settings.php."... Read more

    Affected Products : drupal advertisement
    • EPSS Score: %0.36
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4011

    PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.... Read more

    Affected Products : esupport
    • EPSS Score: %5.04
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0487

    The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %21.09
    • Published: May. 01, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-4831

    Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.... Read more

    Affected Products : torrenttrader
    • EPSS Score: %0.33
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-0266

    Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker mu... Read more

    Affected Products : eticket
    • EPSS Score: %0.40
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-0466

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is... Read more

    Affected Products : websphere_message_broker
    • EPSS Score: %0.27
    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-2723

    Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with maestro admin permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal maestro
    • EPSS Score: %0.43
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3301

    Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php.... Read more

    Affected Products : phpqladmin
    • EPSS Score: %0.43
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-1068

    Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1.3.20121.1237, when Full IIS and a Web Role are used with an ASP.NET application, does not properly support the use of cookies for maintaining state, which allows remote attackers to obt... Read more

    Affected Products : windows_azure_sdk
    • EPSS Score: %15.95
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-2219

    Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.... Read more

    Affected Products : internet_explorer ie
    • EPSS Score: %15.09
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-6582

    Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the... Read more

    Affected Products : drupal spambot
    • EPSS Score: %0.52
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-2476

    Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.... Read more

    Affected Products : internet_explorer
    • EPSS Score: %27.01
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291739 Results