Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2004-1495

    The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.... Read more

    Affected Products : winrar
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0685

    Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.... Read more

    Affected Products : fcron
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0704

    iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error messa... Read more

    Affected Products : ie_integrator
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-1135

    Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.... Read more

    Affected Products : messenger
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4726

    Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 through 7.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a ColdFusion error page.... Read more

    Affected Products : coldfusion
    • Published: Sep. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0892

    Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.... Read more

    Affected Products : openlinux u_win
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4739

    Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.... Read more

    Affected Products : jetbox_cms
    • Published: Sep. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2530

    Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-7412

    The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain... Read more

    Affected Products : datapower_gateway
    • Published: Nov. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-4387

    Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy that uses the username constraint, allows remote attackers ... Read more

    Affected Products : password_policy password_policy
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-5404

    Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspeci... Read more

    • Published: Oct. 19, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4685

    The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.... Read more

    Affected Products : xml_core_services xml_parser
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5432

    Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[f... Read more

    Affected Products : phppowercards
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2022-3521

    A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a pa... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Oct. 16, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2006-5477

    Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.... Read more

    Affected Products : drupal
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5451

    Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the admi... Read more

    Affected Products : torrentflux
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5791

    Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct fu... Read more

    Affected Products : elog_web_logbook
    • Published: Nov. 07, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5455

    Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.... Read more

    Affected Products : bugzilla
    • Published: Oct. 23, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3841

    Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before bein... Read more

    Affected Products : webscarab
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1899

    Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.... Read more

    Affected Products : neuron_blog
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293289 Results