Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2024-47784

    Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier.... Read more

    Affected Products :
    • Published: Apr. 30, 2025
    • Modified: May. 02, 2025
    • Vuln Type: Authentication

  • 2.6

    LOW
    CVE-2012-5307

    Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerab... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2024-32771

    An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary n... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Sep. 06, 2024
    • Modified: Sep. 20, 2024

  • 2.6

    LOW
    CVE-2010-1157

    Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm f... Read more

    Affected Products : tomcat
    • Published: Apr. 23, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0650

    WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.... Read more

    Affected Products : ubuntu_linux chrome safari
    • Published: Feb. 18, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4624

    CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.... Read more

    Affected Products : mailman
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-5099

    Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, b... Read more

    Affected Products : anchor_cms
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-4505

    The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL... Read more

    Affected Products : subversion mod_dontdothat
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5137

    IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-0800

    Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklis... Read more

    Affected Products : postnuke
    • Published: Feb. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-5559

    Cross-site scripting (XSS) vulnerability in the page manager node view task in the Chaos tool suite (ctools) module 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with permissions to submit or edit nodes to inject arbitrary web scrip... Read more

    Affected Products : ctools
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-2071

    java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request ... Read more

    Affected Products : tomcat
    • Published: Jun. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2093

    Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharin... Read more

    Affected Products : nessus
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0053

    Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.... Read more

    Affected Products : imager
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0180

    The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.... Read more

    Affected Products : cvs
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1045

    The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive informati... Read more

    Affected Products : thunderbird
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2016

    Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engi... Read more

    Affected Products : debian_linux phpldapadmin
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1494

    Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.... Read more

    Affected Products : php
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1908

    Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third... Read more

    Affected Products : myevent
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293261 Results