Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2018-0942

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Interne... Read more

    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2024-52513

    Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommende... Read more

    Affected Products : notes
    • Published: Nov. 15, 2024
    • Modified: Nov. 18, 2024

  • 2.6

    LOW
    CVE-2009-2268

    Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : java_system_access_manager
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2011-3224

    The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-1451

    Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.... Read more

    Affected Products : mozilla
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5614

    Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dere... Read more

    • Published: Oct. 31, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4573

    Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.... Read more

    Affected Products : screen
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-1558

    The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, in... Read more

    Affected Products : apop_protocol
    • Published: Apr. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-0796

    Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.... Read more

    Affected Products : mod_perl http_server
    • Published: Apr. 07, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1945

    Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.... Read more

    Affected Products : awstats awstats
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2025-0252

    HCL IEM is affected by a password in cleartext vulnerability.  Sensitive information is transmitted without adequate protection, potentially exposing it to unauthorized access during transit.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Cryptography

  • 2.6

    LOW
    CVE-2025-10216

    A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The ... Read more

    Affected Products :
    • Published: Sep. 10, 2025
    • Modified: Sep. 11, 2025
    • Vuln Type: Race Condition

  • 2.6

    LOW
    CVE-2010-5143

    McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.... Read more

    Affected Products : virusscan_enterprise
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-4883

    Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.... Read more

    Affected Products : modx_revolution revolution
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-5069

    Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php in the Indexed Search 2.9.0 extension for Typo3 before 4.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : typo3
    • Published: Sep. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-2268

    Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1457

    Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1418

    Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.... Read more

    Affected Products : e-school_management_system
    • Published: Mar. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2302

    Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1675

    Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and... Read more

    Affected Products : phpwebgallery
    • Published: Apr. 10, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293542 Results