Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-4573

    Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.... Read more

    Affected Products : screen
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1945

    Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.... Read more

    Affected Products : awstats awstats
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4303

    Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).... Read more

    Affected Products : solaris
    • Published: Aug. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-5211

    Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.... Read more

    Affected Products : sphider
    • Published: Nov. 24, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2011-5146

    Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users to overwrite arbitrary files via a symlink attack on /tmp/graph.dot.... Read more

    Affected Products : bokken
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3661

    Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party inf... Read more

    Affected Products : cutenews
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1783

    Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI.... Read more

    Affected Products : cms
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2545

    Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NO... Read more

    Affected Products : xtreme_topsites
    • Published: May. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2022-31017

    Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they ... Read more

    Affected Products : zulip zulip_server
    • Published: Jun. 25, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2008-3715

    Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.... Read more

    Affected Products : flexcms
    • Published: Aug. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2003-1306

    Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header ... Read more

    Affected Products : urlscan
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2020-25374

    CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.... Read more

    Affected Products : privileged_session_manager
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2006-4807

    loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.... Read more

    Affected Products : imlib2
    • Published: Nov. 07, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0733

    Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the resear... Read more

    Affected Products : wordpress
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-0334

    Cross-site scripting (XSS) vulnerability in pm/language/spanish/preferences.php in PMachine Pro 2.4.1 allows remote attackers to inject arbitrary web script or HTML via the L_PREF_NAME[855] parameter.... Read more

    Affected Products : pmachine_pro
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2025-46570

    vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (... Read more

    Affected Products : vllm
    • Published: May. 29, 2025
    • Modified: Jun. 24, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2008-0266

    Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker mu... Read more

    Affected Products : eticket
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2025-48938

    go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands... Read more

    Affected Products :
    • Published: May. 30, 2025
    • Modified: Jun. 02, 2025
    • Vuln Type: Path Traversal

  • 2.6

    LOW
    CVE-2012-6618

    The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of s... Read more

    Affected Products : ffmpeg
    • Published: Dec. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-5793

    The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that tri... Read more

    Affected Products : libpng
    • Published: Nov. 17, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 293542 Results