Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2004-2491

    A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, whic... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2476

    Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2014

    Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.... Read more

    Affected Products : wget
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2083

    Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."... Read more

    Affected Products : opera_browser
    • Published: Feb. 11, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0802

    Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation ope... Read more

    Affected Products : postnuke
    • Published: Feb. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1712

    Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.... Read more

    Affected Products : mailman
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1788

    Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks.... Read more

    Affected Products : document_server
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0433

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash)... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1536

    ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a ser... Read more

    • Published: Aug. 12, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-1999-0031

    JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.... Read more

    Affected Products : internet_explorer communicator
    • Published: Jul. 08, 1997
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-5578

    Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerabil... Read more

    Affected Products : ie
    • Published: Dec. 12, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-0274

    Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.... Read more

    Affected Products : drupal
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1064

    Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : lurker
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-0900

    Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.... Read more

    Affected Products : database_server windows
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1182

    Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and execute code via a crafted SOAP request to the AlterCast web servi... Read more

    Affected Products : document_server graphics_server
    • Published: Mar. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-6677

    ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.... Read more

    Affected Products : nod32_antivirus nod32_antivirus
    • Published: Dec. 21, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2002-0422

    IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 20... Read more

    Affected Products : internet_information_services
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-5710

    Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.... Read more

    Affected Products : wordpress
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-8577

    The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platforms when protecting another application, which allows atta... Read more

    Affected Products : virusscan_enterprise
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-4812

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module.... Read more

    Affected Products : http_server fusion_middleware
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293302 Results