Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2015-4926

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.31
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2008-5460

    Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, and 9.0 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : bea_product_suite
    • EPSS Score: %0.33
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-5908

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.... Read more

    • EPSS Score: %5.87
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0213

    BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record who... Read more

    Affected Products : bind
    • EPSS Score: %1.56
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-1710

    WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.... Read more

    Affected Products : safari
    • EPSS Score: %0.74
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-1504

    The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted docum... Read more

    • EPSS Score: %0.61
    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2024-37181

    Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Race Condition

  • 2.6

    LOW
    CVE-2006-4914

    Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then acc... Read more

    Affected Products : a.l-pifou
    • EPSS Score: %0.84
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-30252

    Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an a... Read more

    Affected Products :
    • Published: Apr. 04, 2024
    • Modified: Aug. 27, 2025

  • 2.6

    LOW
    CVE-2015-0504

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.31
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-0865

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affe... Read more

    Affected Products : jre jdk
    • EPSS Score: %3.78
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3253

    CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.12
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3457

    Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in whi... Read more

    Affected Products : phpmyadmin
    • EPSS Score: %0.59
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-3326

    Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).... Read more

    Affected Products : moodle
    • EPSS Score: %0.55
    • Published: Jul. 25, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0733

    Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the resear... Read more

    Affected Products : wordpress
    • EPSS Score: %0.61
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5868

    WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.... Read more

    Affected Products : wordpress
    • EPSS Score: %0.70
    • Published: Dec. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-5161

    Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IB... Read more

    • EPSS Score: %3.80
    • Published: Nov. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-6618

    The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of s... Read more

    Affected Products : ffmpeg
    • EPSS Score: %1.05
    • Published: Dec. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-9507

    MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.27
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2003-1581

    The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequenc... Read more

    Affected Products : http_server
    • EPSS Score: %0.90
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 291915 Results