Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2025-25985

    An issue in Macro-video Technologies Co.,Ltd V380E6_C1 IP camera (Hw_HsAKPIQp_WF_XHR) 1020302 allows a physically proximate attacker to execute arbitrary code via the /mnt/mtd/mvconf/wifi.ini and /mnt/mtd/mvconf/user_info.ini components.... Read more

    Affected Products : v380e6_c1_firmware v380e6_c1
    • Published: Apr. 18, 2025
    • Modified: Jun. 25, 2025
    • Vuln Type: Authentication

  • 2.6

    LOW
    CVE-2007-1903

    Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.... Read more

    Affected Products : sonicbb
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-0895

    Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it... Read more

    Affected Products : solaris sunos
    • Published: Feb. 13, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4919

    Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.... Read more

    Affected Products : siteatschool
    • Published: Sep. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-1008

    Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requi... Read more

    Affected Products : itunes
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4685

    The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.... Read more

    Affected Products : xml_core_services xml_parser
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-0286

    Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.... Read more

    • Published: Jan. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-0266

    Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker mu... Read more

    Affected Products : eticket
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-2960

    Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries... Read more

    Affected Products : phpmyadmin
    • Published: Jul. 02, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3174

    Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.... Read more

    Affected Products : squirrelmail
    • Published: Jun. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2011-3266

    The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE ... Read more

    Affected Products : wireshark
    • Published: Aug. 24, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-3862

    The org.jboss.remoting.transport.bisocket.BisocketServerInvoker$SecondaryServerSocketThread.run method in JBoss Remoting 2.2.x before 2.2.3.SP4 and 2.5.x before 2.5.3.SP2 in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 throug... Read more

    • Published: Dec. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-0733

    Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the resear... Read more

    Affected Products : wordpress
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4484

    Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow wh... Read more

    Affected Products : php
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-6618

    The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of s... Read more

    Affected Products : ffmpeg
    • Published: Dec. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-3457

    Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in whi... Read more

    Affected Products : phpmyadmin
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2011-3649

    Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, ... Read more

    Affected Products : firefox thunderbird windows
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-2642

    Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ta... Read more

    Affected Products : phpmyadmin
    • Published: Aug. 01, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-0388

    Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-3089

    Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerabilit... Read more

    Affected Products : firefox
    • Published: Sep. 28, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293975 Results