Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2004-2011

    msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2022-21929

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2014-1647

    Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via ... Read more

    Affected Products : encryption_desktop pgp_desktop
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2024-47784

    Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication

  • 2.6

    LOW
    CVE-2006-2651

    Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.... Read more

    Affected Products : vacation_rental_script
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4573

    Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.... Read more

    Affected Products : screen
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2001-0184

    eEye Iris 1.01 beta allows remote attackers to cause a denial of service via a malformed packet, which causes Iris to crash when a user views the packet.... Read more

    Affected Products : iris
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4303

    Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).... Read more

    Affected Products : solaris
    • Published: Aug. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4569

    The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cro... Read more

    Affected Products : firefox enterprise_linux
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4486

    Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.... Read more

    Affected Products : php
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1945

    Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.... Read more

    Affected Products : awstats awstats
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3104

    mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.... Read more

    Affected Products : movable_type
    • Published: Sep. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-1646

    Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a m... Read more

    Affected Products : encryption_desktop pgp_desktop
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-3264

    Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter.... Read more

    Affected Products : deepsearch
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-1558

    The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, in... Read more

    Affected Products : apop_protocol
    • Published: Apr. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-0542

    Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Runtime Catalog.... Read more

    Affected Products : e-business_suite
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-6146

    Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain argum... Read more

    Affected Products : haru_free_pdf_library
    • Published: Nov. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-0132

    Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input,... Read more

    Affected Products : viewvc
    • Published: Mar. 31, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-0995

    The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-2139

    Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.... Read more

    Affected Products : fedora opensuse libsrtp
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 292862 Results