Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2024-7998

    In affected versions of Octopus Server OIDC cookies were using the wrong expiration time which could result in them using the maximum lifespan.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Aug. 21, 2024
    • Modified: Jul. 02, 2025

  • 2.6

    LOW
    CVE-2015-6627

    The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24211743.... Read more

    Affected Products : android
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-3738

    globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content... Read more

    Affected Products : mambo_site_server
    • Published: Nov. 22, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-0069

    Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.... Read more

    Affected Products : squid linux squid
    • Published: Mar. 08, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0433

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash)... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-0354

    Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors invol... Read more

    Affected Products : firefox
    • Published: Feb. 04, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4685

    The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.... Read more

    Affected Products : xml_core_services xml_parser
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-0158

    Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before 1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x before 1.466.12.1, when a slave is attached and anonymous read access is enabled, allows remote attackers to obtain ... Read more

    Affected Products : jenkins jenkins
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-4744

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-2332

    Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdo... Read more

    Affected Products : firefox
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-0962

    Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.... Read more

    Affected Products : iphone_os
    • Published: Jan. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4259

    Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability.... Read more

    Affected Products : fotopholder
    • Published: Aug. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2163

    Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.... Read more

    Affected Products : pinnacle_cart
    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2265

    Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained... Read more

    Affected Products : calendar_manager_pro
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2312

    Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.... Read more

    Affected Products : windows skype
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2258

    Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.... Read more

    Affected Products : maxxschedule
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-7046

    The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root p... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-4374

    IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.... Read more

    Affected Products : irfanview
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2219

    Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-1129

    Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 292811 Results