Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2011-2694

    Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username par... Read more

    Affected Products : ubuntu_linux debian_linux samba
    • Published: Jul. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-1918

    The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably inv... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3841

    Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before bein... Read more

    Affected Products : webscarab
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1418

    Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : e-school_management_system
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4808

    Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.... Read more

    Affected Products : imlib2
    • Published: Nov. 07, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0388

    Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-1164

    slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned.... Read more

    Affected Products : openldap
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3398

    Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.... Read more

    Affected Products : xrms_crm
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-4164

    cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message.... Read more

    Affected Products : memht_portal
    • Published: Sep. 22, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-1693

    Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP).... Read more

    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-4249

    Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters... Read more

    Affected Products : cutenews
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-6558

    Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.... Read more

    Affected Products : jdk jre jrockit
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2009-5085

    IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attack... Read more

    Affected Products : tivoli_federated_identity_manager
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-4652

    The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOT... Read more

    Affected Products : ngircd ngircd
    • Published: Feb. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-2492

    Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.... Read more

    Affected Products : movable_type movable_type movable_type
    • Published: Jul. 17, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-3368

    Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by ru... Read more

    Affected Products : dtach
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2000-0006

    strace allows local users to read arbitrary files via memory mapped file names.... Read more

    Affected Products : linux_kernel strace
    • Published: Dec. 25, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0406

    Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Su... Read more

    Affected Products : communicator
    • Published: May. 10, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0092

    A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.... Read more

    Affected Products : internet_explorer
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4914

    Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then acc... Read more

    Affected Products : a.l-pifou
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293360 Results