Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1788

    Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.... Read more

    Affected Products : document_server
    • EPSS Score: %2.14
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1712

    Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.... Read more

    Affected Products : mailman
    • EPSS Score: %0.56
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1778

    Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.... Read more

    Affected Products : postnuke
    • EPSS Score: %0.41
    • Published: May. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-0900

    Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.... Read more

    Affected Products : database_server windows
    • EPSS Score: %0.70
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1457

    Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %1.23
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-20911

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracl... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 2.6

    LOW
    CVE-2006-1967

    Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.... Read more

    Affected Products : kcscripts_calendar portal_pack
    • EPSS Score: %0.53
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1969

    Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web s... Read more

    Affected Products : portal_pack
    • EPSS Score: %0.53
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1975

    Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.... Read more

    Affected Products : php-gastebuch
    • EPSS Score: %0.40
    • Published: Apr. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-0179

    Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail m... Read more

    Affected Products : liferay_enterprise_portal
    • EPSS Score: %3.87
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-3835

    Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and 4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a resource id that can be discovered through a search.... Read more

    Affected Products : metalib
    • EPSS Score: %0.50
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2011-3975

    A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain a li... Read more

    Affected Products : android evo_3d evo_4g thunderbolt
    • EPSS Score: %0.36
    • Published: Oct. 03, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2151

    Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors.... Read more

    Affected Products : e-pares
    • EPSS Score: %0.12
    • Published: Jun. 03, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-5193

    Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to ... Read more

    Affected Products : wordpress samswhois
    • EPSS Score: %0.89
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-3838

    Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this... Read more

    Affected Products : dr
    • EPSS Score: %1.48
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-7412

    The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain... Read more

    Affected Products : datapower_gateway
    • EPSS Score: %0.21
    • Published: Nov. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-3594

    Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) ... Read more

    Affected Products : manageengine_netflow_analyzer
    • EPSS Score: %1.01
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-2957

    Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.28
    • Published: Sep. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-1856

    Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.... Read more

    Affected Products : repairshop2
    • EPSS Score: %1.19
    • Published: May. 07, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-6502

    Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a n... Read more

    Affected Products : internet_explorer
    • EPSS Score: %6.50
    • Published: Jan. 22, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292228 Results