Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2011-1772

    Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the... Read more

    Affected Products : struts xwork webwork
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-1066

    Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4.x before 6.x-4.0-beta8 for Drupal allows remote attackers with administer messaging permissions to inject arbitrary web script or HTML via unspecified vector... Read more

    Affected Products : drupal messaging
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-0169

    The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, whic... Read more

    Affected Products : openssl openjdk polarssl
    • Published: Feb. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-0169

    WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripti... Read more

    Affected Products : safari webkit
    • Published: Mar. 11, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-1686

    Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it h... Read more

    Affected Products : gedit
    • Published: May. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1192

    Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another s... Read more

    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-4171

    strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is comp... Read more

    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-7094

    CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-1058

    Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a java... Read more

    Affected Products : moinmoin
    • Published: Feb. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-2832

    Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.... Read more

    Affected Products : drupal
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-4937

    senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.... Read more

    Affected Products : openoffice.org
    • Published: Nov. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-2687

    Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject ... Read more

    Affected Products : http_server
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-2047

    The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.... Read more

    Affected Products : debian_linux typo3
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-2478

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-1948

    OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users t... Read more

    • Published: Feb. 14, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-6502

    Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-6591

    Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.... Read more

    Affected Products : jdk jre
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-6585

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.... Read more

    Affected Products : jdk jre
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-4357

    Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.... Read more

    Affected Products : phpbb
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0145

    Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.... Read more

    Affected Products : firefox
    • Published: Jan. 24, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294348 Results