Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2013-2051

    The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix ... Read more

    Affected Products : enterprise_linux
    • Published: Jul. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-0820

    Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbo... Read more

    Affected Products : firefox ubuntu_linux opensuse
    • Published: Feb. 25, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-2627

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation.... Read more

    Affected Products : jdk jre
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-2274

    Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofi... Read more

    Affected Products : internet_explorer
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-9507

    MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.... Read more

    Affected Products : mediawiki
    • Published: Jan. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-2431

    The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.... Read more

    Affected Products : cups
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-0504

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages.... Read more

    Affected Products : e-business_suite
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2002-1996

    Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php.... Read more

    Affected Products : postnuke
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2001-0273

    pgp4pine Pine/PGP interface version 1.75-6 does not properly check to see if a public key has expired when obtaining the keys via Gnu Privacy Guard (GnuPG), which causes the message to be sent in cleartext.... Read more

    Affected Products : pgp4pine
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-0396

    A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.... Read more

    Affected Products : netbsd openbsd
    • Published: Feb. 17, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0132

    Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.... Read more

    Affected Products : virtual_machine
    • Published: Jan. 31, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0406

    Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Su... Read more

    Affected Products : communicator
    • Published: May. 10, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0006

    strace allows local users to read arbitrary files via memory mapped file names.... Read more

    Affected Products : linux_kernel strace
    • Published: Dec. 25, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-3634

    Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be abs... Read more

    Affected Products : itunes mac_os_x mac_os_x_server
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2000-0028

    Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 23, 1999
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0439

    Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.... Read more

    Affected Products : internet_explorer
    • Published: May. 11, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1444

    The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorr... Read more

    Affected Products : internet_explorer toolbar
    • Published: Aug. 15, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-0292

    Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.... Read more

    Affected Products : slashcode
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-6527

    Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.... Read more

    Affected Products : jre
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2011-3649

    Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, ... Read more

    Affected Products : firefox thunderbird windows
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293704 Results