Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2014-9478

    Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.28
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-2322

    Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: th... Read more

    Affected Products : fastjar
    • EPSS Score: %0.74
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-4208

    Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.... Read more

    Affected Products : jdk jre
    • EPSS Score: %2.09
    • Published: Jul. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2009-0591

    The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was... Read more

    Affected Products : openssl
    • EPSS Score: %1.84
    • Published: Mar. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1710

    WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.... Read more

    Affected Products : safari
    • EPSS Score: %0.74
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0208

    Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are includ... Read more

    Affected Products : php
    • EPSS Score: %3.29
    • Published: Jan. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-0282

    Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.... Read more

    • EPSS Score: %12.23
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-5854

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : jdk jre javafx
    • EPSS Score: %0.38
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-0124

    The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."... Read more

    • EPSS Score: %36.36
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0452

    Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink at... Read more

    Affected Products : perl
    • EPSS Score: %0.05
    • Published: Dec. 21, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1736

    Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link th... Read more

    • EPSS Score: %1.62
    • Published: Apr. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-9269

    Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.... Read more

    Affected Products : debian_linux mantisbt
    • EPSS Score: %0.41
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2002-1233

    A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on te... Read more

    Affected Products : http_server
    • EPSS Score: %0.11
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-0244

    Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving u... Read more

    Affected Products : drupal
    • EPSS Score: %0.41
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4600

    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an... Read more

    Affected Products : otrs otrs_itsm
    • EPSS Score: %1.05
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3427

    The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive inform... Read more

    Affected Products : iphone_os apple_tv
    • EPSS Score: %0.31
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-3089

    Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerabilit... Read more

    Affected Products : firefox
    • EPSS Score: %0.72
    • Published: Sep. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-0962

    Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.32
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-6502

    Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • EPSS Score: %3.02
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-2627

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation.... Read more

    Affected Products : jdk jre
    • EPSS Score: %1.11
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292016 Results