Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-5793

    The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that tri... Read more

    Affected Products : libpng
    • Published: Nov. 17, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-5229

    OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than... Read more

    Affected Products : openssh suse_linux
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4807

    loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.... Read more

    Affected Products : imlib2
    • Published: Nov. 07, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-3558

    Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving naviga... Read more

    Affected Products : opera_browser
    • Published: Jun. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-1645

    The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.... Read more

    Affected Products : drupal cdn
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-4929

    The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext ... Read more

    Affected Products : android firefox debian_linux chrome
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-0591

    The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was... Read more

    Affected Products : openssl
    • Published: Mar. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1710

    WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.... Read more

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-3587

    APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-midd... Read more

    Affected Products : advanced_package_tool apt
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-1504

    The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted docum... Read more

    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-3507

    Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.... Read more

    Affected Products : webmail roundcube_webmail
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3122

    Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort.... Read more

    Affected Products : sunos solaris
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-1597

    Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : ezjscore
    • Published: Aug. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-1999-0793

    Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.... Read more

    Affected Products : internet_explorer
    • Published: Nov. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-2140

    Cross-site request forgery (CSRF) vulnerability in the rootpw plugin in rPath Appliance Platform Agent 2 and 3 allows remote attackers to reset the root password as the administrator via a crafted URL.... Read more

    Affected Products : appliance_platform_agent
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-1999-0762

    When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.... Read more

    Affected Products : navigator communicator
    • Published: May. 24, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-3398

    Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129.... Read more

    Affected Products : xrms_crm
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-1999-0749

    Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.... Read more

    Affected Products : windows_95 windows_98
    • Published: Aug. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0717

    A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.... Read more

    • Published: May. 07, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-1693

    Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 allows remote attackers to affect availability, related to XSCF Control Package (XCP).... Read more

    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294068 Results