Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2014-1948

    OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users t... Read more

    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-6483

    Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonst... Read more

    Affected Products : coldfusion
    • Published: Dec. 12, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5215

    The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink... Read more

    Affected Products : solaris sunos netbsd xdm
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-5085

    IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attack... Read more

    Affected Products : tivoli_federated_identity_manager
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-6558

    Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.... Read more

    Affected Products : jdk jre jrockit
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2009-0286

    Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.... Read more

    Affected Products : opengoo
    • Published: Jan. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-0455

    Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.... Read more

    Affected Products : glfusion
    • Published: Feb. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1614

    Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form... Read more

    Affected Products : leap
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-2492

    Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.... Read more

    Affected Products : movable_type movable_type movable_type
    • Published: Jul. 17, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4570

    Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or... Read more

    Affected Products : thunderbird seamonkey
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0802

    Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation ope... Read more

    Affected Products : postnuke
    • Published: Feb. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0790

    A remote attacker can read information from a Netscape user's cache via JavaScript.... Read more

    Affected Products : communicator
    • Published: Apr. 01, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1001

    Cisco Cache Engine allows a remote attacker to gain access via a null username and password.... Read more

    Affected Products : cache_engine
    • Published: Dec. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0797

    NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.... Read more

    Affected Products : sunos
    • Published: Jun. 29, 1998
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1489

    Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0871

    Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.... Read more

    Affected Products : internet_explorer
    • Published: Sep. 04, 1998
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0031

    JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.... Read more

    Affected Products : internet_explorer communicator
    • Published: Jul. 08, 1997
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-1003

    NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.... Read more

    Affected Products : windows_95 windows_98 windows_98se
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1396

    Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.... Read more

    Affected Products : winamp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0869

    Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.... Read more

    Affected Products : internet_explorer navigator
    • Published: Dec. 01, 1998
    • Modified: Apr. 03, 2025
Showing 20 of 293298 Results