Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-1999-0870

    Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.... Read more

    Affected Products : internet_explorer
    • Published: Oct. 01, 1998
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0726

    CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.... Read more

    Affected Products : mailers
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0762

    When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.... Read more

    Affected Products : navigator communicator
    • Published: May. 24, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0273

    pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.... Read more

    Affected Products : pgp4pine
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0749

    Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.... Read more

    Affected Products : windows_95 windows_98
    • Published: Aug. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1453

    Internet Explorer 4 allows remote attackers (malicious web site operators) to read the contents of the clipboard via the Internet WebBrowser ActiveX object.... Read more

    Affected Products : internet_explorer
    • Published: Feb. 02, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0793

    Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.... Read more

    Affected Products : internet_explorer
    • Published: Nov. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-1858

    The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or hav... Read more

    Affected Products : tomcat
    • Published: May. 10, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4807

    loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.... Read more

    Affected Products : imlib2
    • Published: Nov. 07, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-2788

    Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.... Read more

    Affected Products : mediawiki
    • Published: Apr. 27, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-2960

    Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 02, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-1796

    The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for ... Read more

    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3672

    KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero... Read more

    Affected Products : konqueror
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5793

    The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that tri... Read more

    Affected Products : libpng
    • Published: Nov. 17, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-3172

    CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP re... Read more

    Affected Products : bugzilla
    • Published: Nov. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-5161

    Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server for IB... Read more

    • Published: Nov. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-3457

    Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in whi... Read more

    Affected Products : phpmyadmin
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-3862

    The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 throug... Read more

    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-5229

    OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than... Read more

    Affected Products : openssh suse_linux
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-2420

    Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results