Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2014-1647

    Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform block-data moves, which allows remote attackers to cause a denial of service (read access violation and application crash) via ... Read more

    Affected Products : encryption_desktop pgp_desktop
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-0954

    APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (M... Read more

    Affected Products : advanced_package_tool apt
    • Published: Jun. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4624

    CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.... Read more

    Affected Products : mailman
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2024-32771

    An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary n... Read more

    Affected Products : quts_hero qts qutscloud
    • Published: Sep. 06, 2024
    • Modified: Sep. 20, 2024

  • 2.6

    LOW
    CVE-2010-0039

    The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP a... Read more

    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2017-2109

    Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.... Read more

    Affected Products : kunai
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 2.6

    LOW
    CVE-2006-1833

    Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the inte... Read more

    Affected Products : netbsd
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-4171

    strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is comp... Read more

    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-1648

    ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Inf... Read more

    Affected Products : .net_framework
    • Published: Apr. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-3450

    pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds rea... Read more

    Affected Products : php
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2003-0279

    Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.... Read more

    Affected Products : php-nuke
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-8233

    Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject arbitrary web script or HTML via unspecified vectors rel... Read more

    Affected Products : mayo
    • Published: Nov. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-8035

    The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.... Read more

    • Published: Nov. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2025-27707

    Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.... Read more

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Denial of Service

  • 2.6

    LOW
    CVE-2025-20030

    Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2014-4721

    The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attac... Read more

    Affected Products : debian_linux php
    • Published: Jul. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2021-29473

    Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading,... Read more

    Affected Products : fedora debian_linux exiv2
    • Published: Apr. 26, 2021
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2004-2083

    Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."... Read more

    Affected Products : opera_browser
    • Published: Feb. 11, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-0287

    Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly ... Read more

    Affected Products : internet_explorer wordpress
    • Published: Jan. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0900

    Unspecified vulnerability in the Network Layer component in Oracle Database Server 9.2.0.8, 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1, when running on Windows, allows remote attackers to affect availability via unknown vectors.... Read more

    Affected Products : database_server windows
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293608 Results