Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-0591

    Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."... Read more

    Affected Products : firefox
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1790

    Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismat... Read more

    Affected Products : internet_explorer
    • Published: Jun. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2414

    Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, ... Read more

    Affected Products : xpcom
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-6146

    Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain argum... Read more

    Affected Products : haru_free_pdf_library
    • Published: Nov. 28, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3278

    Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hs... Read more

    Affected Products : h-sphere
    • Published: Jun. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2651

    Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.... Read more

    Affected Products : vacation_rental_script
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2765

    Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter.... Read more

    Affected Products : interlink_advantage
    • Published: Jun. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4975

    Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.... Read more

    Affected Products : messenger
    • Published: Sep. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3305

    Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3... Read more

    Affected Products : uebimiau
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3656

    Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 200607... Read more

    Affected Products : powerpoint
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3063

    Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text par... Read more

    Affected Products : myphp_guestbook
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-4877

    The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registra... Read more

    Affected Products : wireless_network_extender
    • Published: Jul. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4011

    PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.... Read more

    Affected Products : esupport
    • Published: Aug. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-1517

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics.... Read more

    Affected Products : e-business_suite
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4071

    Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafte... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Aug. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-3822

    Multiple cross-site scripting (XSS) vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via (1) the who parameter to showuser; and other vectors involving (2) calendar mode, (3) bulletin board mode, (4) room... Read more

    Affected Products : webcit
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1761

    Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS a... Read more

    Affected Products : blur6ex
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1642

    Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm... Read more

    Affected Products : interact
    • Published: Apr. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1750

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters.... Read more

    Affected Products : autogallery
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-6704

    Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.a... Read more

    Affected Products : firepass_4100
    • Published: Mar. 05, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293633 Results