Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2014-2333

    Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : lazyest-gallery
    • Published: Apr. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2024-32405

    Cross Site Scripting vulnerability in inducer relate before v.2024.1 allows a remote attacker to escalate privileges via a crafted payload to the Answer field of InlineMultiQuestion parameter on Exam function.... Read more

    Affected Products : relate
    • Published: Apr. 22, 2024
    • Modified: Jun. 13, 2025

  • 2.6

    LOW
    CVE-2014-1647

    Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via ... Read more

    Affected Products : encryption_desktop pgp_desktop
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-1791

    Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenar... Read more

    Affected Products : ie
    • Published: May. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1918

    The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably inv... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1793

    User32.DLL in Microsoft Windows 98SE, and possibly other operating systems, allows local and remote attackers to cause a denial of service (crash) via an icon (.ico) bitmap file with large width and height values.... Read more

    Affected Products : windows_98se
    • Published: Jun. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2517

    Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.... Read more

    Affected Products : mac_os_x safari
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3007

    Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.... Read more

    Affected Products : opera_browser
    • Published: Sep. 21, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1790

    Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismat... Read more

    Affected Products : internet_explorer
    • Published: Jun. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2414

    Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more

    Affected Products : xpcom
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0538

    CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections.... Read more

    Affected Products : ironmail
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2272

    Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vuln... Read more

    Affected Products : safari
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0585

    Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.... Read more

    Affected Products : firefox mozilla
    • Published: Mar. 25, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2273

    Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing V... Read more

    Affected Products : opera_browser
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2083

    Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."... Read more

    Affected Products : opera_browser
    • Published: Feb. 11, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2491

    A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, whic... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2476

    Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3284

    Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.... Read more

    Affected Products : dating_agent_pro
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3484

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) u... Read more

    Affected Products : atutor
    • Published: Jul. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-0777

    The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers... Read more

    Affected Products : websphere_application_server
    • Published: May. 17, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293507 Results