Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-4486

    Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.... Read more

    Affected Products : php
    • EPSS Score: %1.56
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3104

    mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.... Read more

    Affected Products : movable_type
    • EPSS Score: %0.40
    • Published: Sep. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-3224

    The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.53
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-0796

    Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.... Read more

    Affected Products : mod_perl http_server
    • EPSS Score: %27.11
    • Published: Apr. 07, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2025-2826

    n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets.... Read more

    Affected Products : eos
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Misconfiguration

  • 2.6

    LOW
    CVE-2010-2796

    Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.... Read more

    Affected Products : phpcas
    • EPSS Score: %0.74
    • Published: Aug. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-2465

    Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash)... Read more

    Affected Products : bind
    • EPSS Score: %14.01
    • Published: Jul. 08, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4940

    The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attack... Read more

    Affected Products : python
    • EPSS Score: %0.40
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2018-0942

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Interne... Read more

    • EPSS Score: %1.64
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2013-2071

    java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request ... Read more

    Affected Products : tomcat
    • EPSS Score: %6.87
    • Published: Jun. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0213

    BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record who... Read more

    Affected Products : bind
    • EPSS Score: %1.56
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-0504

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.31
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-4472

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous info... Read more

    Affected Products : jre jdk
    • EPSS Score: %8.00
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-0865

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affe... Read more

    Affected Products : jre jdk
    • EPSS Score: %3.78
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-4456

    ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by levera... Read more

    Affected Products : owncloud_desktop_client
    • EPSS Score: %0.16
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2008-2933

    Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involvi... Read more

    Affected Products : firefox
    • EPSS Score: %7.09
    • Published: Jul. 17, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-2056

    The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.... Read more

    Affected Products : clamav
    • EPSS Score: %1.10
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3007

    Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.45
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1695

    Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) ma... Read more

    Affected Products : postnuke
    • EPSS Score: %0.34
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1937

    A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was ori... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %0.80
    • Published: Jun. 14, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291830 Results