Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2010-0808

    Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not prevent script from simulating user interaction with the AutoComplete feature, which allows remote attackers to obtain sensitive form information via a crafted web site, aka "AutoComplet... Read more

    • Published: Oct. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4624

    CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.... Read more

    Affected Products : mailman
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0898

    Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.... Read more

    Affected Products : crypt_cbc
    • Published: Feb. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3110

    Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be m... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Sep. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1449

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.... Read more

    Affected Products : thunderbird mozilla firebird
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2534

    Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.... Read more

    Affected Products : openvpn
    • Published: Aug. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-0954

    APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (M... Read more

    Affected Products : advanced_package_tool apt
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-0586

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2466

    BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."... Read more

    Affected Products : weblogic_server
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-1656

    Affected versions of Octopus Server had a weak content security policy.... Read more

    Affected Products : linux_kernel windows octopus_server
    • Published: Sep. 11, 2024
    • Modified: Jul. 02, 2025

  • 2.6

    LOW
    CVE-2006-5511

    Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file spec... Read more

    Affected Products : jaxultrabb
    • Published: Oct. 25, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-3688

    Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll, (4) ecrire/... Read more

    Affected Products : dotclear
    • Published: Jul. 11, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-2897

    Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors.... Read more

    Affected Products : funkboard
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0485

    Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.... Read more

    Affected Products : openbsd
    • Published: Feb. 19, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-4469

    Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when "Log failed hashcash" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which... Read more

    Affected Products : drupal hashcash
    • Published: Nov. 30, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2025-0148

    Missing password field masking in the Zoom Jenkins Marketplace plugin before version 1.6 may allow an unauthenticated user to conduct a disclosure of information via adjacent network access.... Read more

    Affected Products :
    • Published: Feb. 03, 2025
    • Modified: Feb. 03, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2012-0513

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity, related to REST Services.... Read more

    Affected Products : e-business_suite
    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-1792

    Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the... Read more

    Affected Products : online_merchant
    • Published: May. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3712

    Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanage... Read more

    Affected Products : mambo
    • Published: Aug. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-5183

    The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.... Read more

    Affected Products : loctouch
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293644 Results