Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-2343

    Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which p... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1678

    Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick user... Read more

    Affected Products : virtual_office groove_workspace
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1346

    Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743,... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1301

    nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files.... Read more

    Affected Products : netizen
    • Published: Apr. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2262

    Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter.... Read more

    Affected Products : singapore
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0593

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes th... Read more

    Affected Products : firefox mozilla
    • Published: Mar. 04, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0110

    Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated... Read more

    Affected Products : internet_explorer ie
    • Published: Jan. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1385

    Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.... Read more

    Affected Products : safari
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-4508

    Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site.... Read more

    Affected Products : firefox
    • Published: Sep. 24, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-2056

    The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.... Read more

    Affected Products : clamav
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-9507

    MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.... Read more

    Affected Products : mediawiki
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-2274

    Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofi... Read more

    Affected Products : internet_explorer
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-0865

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affe... Read more

    Affected Products : jre jdk
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-0504

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages.... Read more

    Affected Products : e-business_suite
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-5193

    Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to ... Read more

    Affected Products : wordpress samswhois
    • Published: Sep. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-1253

    Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Jun. 04, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-9478

    Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates... Read more

    Affected Products : mediawiki
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-0099

    Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0856

    Heap-based buffer overflow in the MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg before 0.9.1, when the lowres option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted H263 media file. NOTE: ... Read more

    Affected Products : ffmpeg
    • Published: Aug. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4872

    Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802... Read more

    • Published: Feb. 05, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293289 Results