Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-2312

    Argument injection vulnerability in the URI handler in Skype 2.0.*.104 and 2.5.*.0 through 2.5.*.78 for Windows allows remote authorized attackers to download arbitrary files via a URL that contains certain command-line switches.... Read more

    Affected Products : windows skype
    • Published: May. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3043

    Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter.... Read more

    Affected Products : cfxe-cms
    • Published: Jun. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-4744

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-3038

    Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter. NOTE: the vendor notified CVE on 20060823 that "All issues concerning this scri... Read more

    Affected Products : realty_room_rent
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3284

    Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.... Read more

    Affected Products : dating_agent_pro
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3841

    Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before bein... Read more

    Affected Products : webscarab
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3253

    Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the i... Read more

    Affected Products : vbulletin
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2265

    Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained... Read more

    Affected Products : calendar_manager_pro
    • Published: May. 09, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0354

    Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors invol... Read more

    Affected Products : firefox
    • Published: Feb. 04, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3731

    Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to th... Read more

    Affected Products : firefox
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3356

    The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jul. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3073

    Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary w... Read more

    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3037

    Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ST AdManager Lite allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, (3) article, (4) bio, and (5) name parameters.... Read more

    Affected Products : st_admanager_lite
    • Published: Jun. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-6527

    Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.... Read more

    Affected Products : jre
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-2207

    pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.... Read more

    Affected Products : fedora glibc
    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-1903

    Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.... Read more

    Affected Products : sonicbb
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-3622

    Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon before 9.61 allows remote attackers to cause a denial of service (crash) via malformed messages.... Read more

    Affected Products : mdaemon
    • Published: Jul. 09, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1786

    Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is n... Read more

    Affected Products : document_server
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-9269

    Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.... Read more

    Affected Products : debian_linux mantisbt
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-0021

    The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of servic... Read more

    Affected Products : http_server
    • Published: Jan. 28, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293534 Results