Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2015-4346

    Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to messag... Read more

    Affected Products : sms_framework
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-7094

    CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a... Read more

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025

  • 2.6

    LOW
    CVE-2012-3383

    The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access re... Read more

    Affected Products : wordpress
    • Published: Jul. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-1923

    The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to ... Read more

    Affected Products : clamav
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3588

    Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.... Read more

    Affected Products : flash_player
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5238

    Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to ... Read more

    Affected Products : jre sdk jdk
    • Published: Oct. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-0537

    DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted sh... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-0169

    WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripti... Read more

    Affected Products : safari webkit
    • Published: Mar. 11, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-1066

    Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vector... Read more

    Affected Products : drupal messaging
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-5712

    The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory cons... Read more

    Affected Products : django django
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-5907

    WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-4440

    The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-2476

    The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defea... Read more

    • Published: Aug. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2009-1536

    ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a ser... Read more

    • Published: Aug. 12, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2005-1918

    The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably inv... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0145

    Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.... Read more

    Affected Products : firefox
    • Published: Jan. 24, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1937

    A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that was ori... Read more

    Affected Products : firefox mozilla
    • Published: Jun. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2083

    Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."... Read more

    Affected Products : opera_browser
    • Published: Feb. 11, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3007

    Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.... Read more

    Affected Products : opera_browser
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293343 Results