Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1841

    Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.... Read more

    Affected Products : boastmachine
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-9433

    Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat pa... Read more

    Affected Products : contendio
    • Published: Dec. 31, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-2545

    Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NO... Read more

    Affected Products : xtreme_topsites
    • Published: May. 23, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-1773

    Multiple directory traversal vulnerabilities in aBitWhizzy allow remote attackers to list arbitrary directories via a .. (dot dot) in the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizzylink.php, different vectors than CVE-2006-6384.... Read more

    Affected Products : abitwhizzy
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-2139

    Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows remote attackers to cause a denial of service (crash) via vectors related to a length inconsistency in the crypto_policy_set_from_profile_for_rtp and srtp_protect functions.... Read more

    Affected Products : fedora opensuse libsrtp
    • Published: Jan. 16, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-2047

    The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value.... Read more

    Affected Products : debian_linux typo3
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-4346

    Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to messag... Read more

    Affected Products : sms_framework
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2016-3291

    Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."... Read more

    Affected Products : edge internet_explorer
    • Published: Sep. 14, 2016
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-1358

    Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RF... Read more

    Affected Products : tomcat
    • Published: May. 10, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2003-0279

    Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.... Read more

    Affected Products : php-nuke
    • Published: Jun. 16, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-4456

    ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by levera... Read more

    Affected Products : owncloud_desktop_client
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-2509

    CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.... Read more

    Affected Products : php
    • Published: May. 09, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2011-1499

    acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy serv... Read more

    Affected Products : debian_linux tinyproxy
    • Published: Apr. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5099

    Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, b... Read more

    Affected Products : anchor_cms
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5315

    Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th... Read more

    Affected Products : drupal scald
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5951

    Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_... Read more

    Affected Products : extplorer
    • Published: Mar. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-5137

    IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-0737

    Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary w... Read more

    Affected Products : mediawiki
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2013-7078

    Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property ... Read more

    Affected Products : typo3
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3872

    Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certific... Read more

    • Published: Oct. 27, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293679 Results