Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-3563

    Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter.... Read more

    Affected Products : winged_gallery
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-3715

    Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.... Read more

    Affected Products : flexcms
    • Published: Aug. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2011-2477

    Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onlo... Read more

    Affected Products : icinga
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2001-1521

    Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.... Read more

    Affected Products : postnuke
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0324

    Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.... Read more

    Affected Products : windows_2000 windows_98
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1753

    The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and f... Read more

    Affected Products : firefox mozilla navigator
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-0466

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is... Read more

    Affected Products : websphere_message_broker
    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-0760

    LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP... Read more

    Affected Products : lighttpd
    • Published: Feb. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-1176

    Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.... Read more

    Affected Products : affiliate_market
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1879

    Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject ... Read more

    Affected Products : flex_sdk
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0723

    PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.... Read more

    Affected Products : magic_news_lite
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-4831

    Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters.... Read more

    Affected Products : torrenttrader
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-2907

    Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web ... Read more

    Affected Products : drupal aberdeen
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-6582

    Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the... Read more

    Affected Products : drupal spambot
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2001-0807

    Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 06, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0396

    A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.... Read more

    Affected Products : netbsd openbsd
    • Published: Feb. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0487

    The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.... Read more

    Affected Products : internet_explorer
    • Published: May. 01, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0006

    strace allows local users to read arbitrary files via memory mapped file names.... Read more

    Affected Products : linux_kernel strace
    • Published: Dec. 25, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0768

    A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.... Read more

    Affected Products : internet_explorer ie
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0762

    When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.... Read more

    Affected Products : navigator communicator
    • Published: May. 24, 1999
    • Modified: Apr. 03, 2025
Showing 20 of 293641 Results