Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-4144

    Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, whi... Read more

    Affected Products : imagemagick
    • Published: Aug. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2348

    Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.... Read more

    Affected Products : e-business_designer
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2519

    Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this is... Read more

    Affected Products : phpwcms
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2518

    Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.... Read more

    Affected Products : phpwcms
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4355

    Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal_easylinks_module
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-2492

    Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.... Read more

    Affected Products : movable_type movable_type movable_type
    • Published: Jul. 17, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-4734

    Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE:... Read more

    Affected Products : skeletonz_cms_1.0
    • Published: Feb. 16, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-2854

    Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters,... Read more

    Affected Products : event_horizon
    • Published: Jul. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0475

    Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-4457

    OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.... Read more

    Affected Products : owasp-java-html-sanitizer
    • Published: Nov. 17, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-4022

    Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache ... Read more

    Affected Products : bind
    • Published: Nov. 25, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-2114

    Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke PBX 2.4.4.8 allows remote attackers to hijack the authentication of users for requests that change passwords via the pbxadmin.web.PbxUserEdit bean.... Read more

    Affected Products : pbx
    • Published: May. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-1710

    WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.... Read more

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-1504

    The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted docum... Read more

    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-0213

    BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record who... Read more

    Affected Products : bind
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3587

    APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-midd... Read more

    Affected Products : advanced_package_tool apt
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-0591

    The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was... Read more

    Affected Products : openssl
    • Published: Mar. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-1645

    The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin Pull mode with the "Far Future expiration" option enabled, allows remote attackers to read arbitrary PHP files via unspecified vectors, as demonstrated by reading settings.php.... Read more

    Affected Products : drupal cdn
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-3558

    Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving naviga... Read more

    Affected Products : opera_browser
    • Published: Jun. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3962

    The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunisti... Read more

    Affected Products : ssmtp
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293951 Results