Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1833

    Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the inte... Read more

    Affected Products : netbsd
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2545

    Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NO... Read more

    Affected Products : xtreme_topsites
    • Published: May. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2406

    Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing ... Read more

    Affected Products : unclassified_newsboard
    • Published: May. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-9433

    Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat pa... Read more

    Affected Products : contendio
    • Published: Dec. 31, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-2477

    Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onlo... Read more

    Affected Products : icinga
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-4893

    Cross-site scripting (XSS) vulnerability in templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php in Tribiq CMS 5.0.10a, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the template_path parame... Read more

    Affected Products : tribiq_cms
    • Published: Nov. 04, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-7304

    Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data.... Read more

    Affected Products : amocrm
    • Published: Sep. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-6582

    Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x before 6.x-3.2 and 7.x-1.x before 7.x-1.1 for Drupal allows certain remote attackers to inject arbitrary web script or HTML via a stopforumspam.com API response, which is logged by the... Read more

    Affected Products : drupal spambot
    • Published: Aug. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2414

    Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : sun_products_suite
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3300

    IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.... Read more

    Affected Products : websphere_commerce
    • Published: Sep. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-2907

    Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb function in template.php in the Aberdeen theme 6.x-1.x before 6.x-1.11 for Drupal, when set to append the content title to the breadcrumb, allows remote attackers to inject arbitrary web ... Read more

    Affected Products : drupal aberdeen
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2003-1306

    Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header ... Read more

    Affected Products : urlscan
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-1879

    Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject ... Read more

    Affected Products : flex_sdk
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-1176

    Cross-site scripting (XSS) vulnerability in function/sideblock.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to inject arbitrary web script or HTML via the sideblock4 parameter.... Read more

    Affected Products : affiliate_market
    • Published: Mar. 06, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-5944

    Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : navboard
    • Published: Jan. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-3715

    Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.... Read more

    Affected Products : flexcms
    • Published: Aug. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2020-25374

    CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.... Read more

    Affected Products : privileged_session_manager
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2022-35648

    Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the po... Read more

    Affected Products : t618_firmware t616_firmware t618 t616
    • Published: Jul. 12, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2008-5211

    Cross-site scripting (XSS) vulnerability in search.php in Sphider 1.3.4, when the search suggestion feature is enabled, allows remote attackers to inject arbitrary web script or HTML via the query parameter, a different vector than CVE-2006-2506.... Read more

    Affected Products : sphider
    • Published: Nov. 24, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-1647

    Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via ... Read more

    Affected Products : encryption_desktop pgp_desktop
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293640 Results