Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-1696

    Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 and 0.760RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) skin or (2) paletteid parameter to demo.php in the Xanthia module, or (3) the serverName parameter... Read more

    Affected Products : postnuke
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0726

    CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.... Read more

    Affected Products : mailers
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-0956

    Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being rea... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1922

    Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a ... Read more

    Affected Products : internet_explorer
    • Published: Apr. 11, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0331

    Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.... Read more

    Affected Products : winrar
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0110

    Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated... Read more

    Affected Products : internet_explorer ie
    • Published: Jan. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2126

    The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite fi... Read more

    • Published: Oct. 21, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-1058

    Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a java... Read more

    Affected Products : moinmoin
    • Published: Feb. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2016-3291

    Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Sep. 14, 2016
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2003-0279

    Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.... Read more

    Affected Products : php-nuke
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-2627

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation.... Read more

    Affected Products : jdk jre
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-2687

    Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject ... Read more

    Affected Products : http_server
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2431

    The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.... Read more

    Affected Products : cups
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2024-37181

    Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: Jan. 16, 2025
    • Modified: Jan. 16, 2025
    • Vuln Type: Race Condition

  • 2.6

    LOW
    CVE-2006-1908

    Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third... Read more

    Affected Products : myevent
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0053

    Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.... Read more

    Affected Products : imager
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1045

    The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive informati... Read more

    Affected Products : thunderbird
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1494

    Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.... Read more

    Affected Products : php
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2093

    Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharin... Read more

    Affected Products : nessus
    • Published: Apr. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3164

    The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, whic... Read more

    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293262 Results