Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2024-20911

    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracl... Read more

    Affected Products : audit_vault_and_database_firewall
    • Published: Feb. 17, 2024
    • Modified: Mar. 27, 2025

  • 2.6

    LOW
    CVE-2006-2897

    Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors.... Read more

    Affected Products : funkboard
    • Published: Jun. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3450

    pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds rea... Read more

    Affected Products : php
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2003-0279

    Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.... Read more

    Affected Products : php-nuke
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1192

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another s... Read more

    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-1648

    ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Inf... Read more

    Affected Products : .net_framework
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-2431

    The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.... Read more

    Affected Products : cups
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-4926

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-2832

    Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.... Read more

    Affected Products : drupal
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-2627

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation.... Read more

    Affected Products : jdk jre
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-0537

    The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a c... Read more

    Affected Products : konqueror
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-8035

    The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.... Read more

    • Published: Nov. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2024-45719

    Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users a... Read more

    Affected Products : answer
    • Published: Nov. 22, 2024
    • Modified: Jul. 01, 2025

  • 2.6

    LOW
    CVE-2010-5097

    Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : typo3
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-5256

    Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.... Read more

    Affected Products : limesurvey
    • Published: Feb. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0099

    Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4872

    Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802... Read more

    • Published: Feb. 05, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3985

    Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : plume_cms
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3328

    The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk assoc... Read more

    Affected Products : libpng
    • Published: Jan. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0730

    The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash) via vectors that trigger an unspecified instruction emulation.... Read more

    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293605 Results