Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2013-5854

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : jdk jre javafx
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-5564

    Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in... Read more

    Affected Products : simple_php_forum
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2003-0282

    Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.... Read more

    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-6527

    Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.... Read more

    Affected Products : jre
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2002-1233

    A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on te... Read more

    Affected Products : http_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5293

    Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.... Read more

    Affected Products : idmos
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-2727

    The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which mi... Read more

    Affected Products : php
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1536

    ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a ser... Read more

    • Published: Aug. 12, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-5710

    Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.... Read more

    Affected Products : wordpress
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-0994

    Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2004-1877

    The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently revea... Read more

    Affected Products : http_server application_server
    • Published: Mar. 30, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4308

    The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.... Read more

    Affected Products : tomcat
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-0274

    Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.... Read more

    Affected Products : drupal
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-0433

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash)... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-0900

    Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.... Read more

    Affected Products : database_server windows
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-0591

    Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."... Read more

    Affected Products : firefox
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4374

    IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.... Read more

    Affected Products : irfanview
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0492

    Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.... Read more

    Affected Products : acrobat_reader
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-4504

    The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.... Read more

    Affected Products : drupal monster_menus monster_menus
    • Published: May. 13, 2014
    • Modified: Aug. 27, 2025

  • 2.6

    LOW
    CVE-2025-25183

    vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Pr... Read more

    Affected Products : vllm
    • Published: Feb. 07, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293262 Results