Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-4624

    CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.... Read more

    Affected Products : mailman
    • EPSS Score: %2.39
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2312

    Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.... Read more

    Affected Products : windows skype
    • EPSS Score: %4.38
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-0954

    APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (M... Read more

    Affected Products : advanced_package_tool apt
    • EPSS Score: %0.37
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3812

    Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %13.37
    • Published: Jul. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0144

    Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %0.64
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2311

    Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in th... Read more

    • EPSS Score: %0.44
    • Published: Jun. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-0039

    The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP a... Read more

    • EPSS Score: %0.31
    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2002-1126

    Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, includin... Read more

    Affected Products : linux mozilla galeon_browser
    • EPSS Score: %0.60
    • Published: Sep. 24, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4567

    Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a mal... Read more

    Affected Products : firefox thunderbird enterprise_linux
    • EPSS Score: %1.86
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0473

    Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.14
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5077

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown ... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %2.04
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3383

    The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access re... Read more

    Affected Products : wordpress
    • EPSS Score: %0.15
    • Published: Jul. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2766

    Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a lon... Read more

    Affected Products : internet_explorer outlook_express ie
    • EPSS Score: %63.44
    • Published: Jun. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0141

    Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %0.75
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.5

    LOW
    CVE-2024-20922

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exp... Read more

    • EPSS Score: %0.07
    • Published: Jan. 16, 2024
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2025-23290

    NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.... Read more

    Affected Products :
    • Published: Aug. 02, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Information Disclosure

  • 2.5

    LOW
    CVE-2017-1211

    IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851.... Read more

    Affected Products : daeja_viewone
    • EPSS Score: %0.04
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025

  • 2.5

    LOW
    CVE-2021-2149

    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Orac... Read more

    • EPSS Score: %0.12
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2025-6170

    A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow atta... Read more

    • Published: Jun. 16, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Denial of Service

  • 2.5

    LOW
    CVE-2025-5642

    A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached lo... Read more

    Affected Products : radare2
    • Published: Jun. 05, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 291608 Results