Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-0723

    PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter.... Read more

    Affected Products : magic_news_lite
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-0466

    Cross-site scripting (XSS) vulnerability in IBM WebSphere Message Broker 7.0 before 7.0.0.6 and 8.0 before 8.0.0.2, when wsdl support is enabled on a SOAPInput node, allows remote attackers to inject arbitrary web script or HTML via a wsdl request that is... Read more

    Affected Products : websphere_message_broker
    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2003-1306

    Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header ... Read more

    Affected Products : urlscan
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1907

    The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".... Read more

    Affected Products : personal_firewall
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-6146

    Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain argum... Read more

    Affected Products : haru_free_pdf_library
    • Published: Nov. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-4233

    Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML... Read more

    Affected Products : iphone_os safari ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4569

    The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cro... Read more

    Affected Products : firefox enterprise_linux
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-1646

    Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a m... Read more

    Affected Products : encryption_desktop pgp_desktop
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-4486

    Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.... Read more

    Affected Products : php
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-3511

    Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk.... Read more

    Affected Products : opensolaris
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-3104

    mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.... Read more

    Affected Products : movable_type
    • Published: Sep. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2025-0251

    HCL IEM is affected by a concurrent login vulnerability.  The application allows multiple concurrent sessions using the same user credentials, which may introduce security risks.... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authentication

  • 2.6

    LOW
    CVE-2025-27707

    Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 2.6

    LOW
    CVE-2006-1680

    Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php.... Read more

    Affected Products : jupiter_cms
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3952

    Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.... Read more

    Affected Products : phplist
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2796

    Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.... Read more

    Affected Products : phpcas
    • Published: Aug. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-2000

    The NTT 050 plus application before 4.2.1 for Android allows attackers to obtain sensitive information by leveraging the ability to read system log files.... Read more

    Affected Products : 050_plus
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-2071

    java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request ... Read more

    Affected Products : tomcat
    • Published: Jun. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4940

    The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote attack... Read more

    Affected Products : python
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 293934 Results