Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2012-3383

    The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access re... Read more

    Affected Products : wordpress
    • Published: Jul. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1787

    Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session.... Read more

    Affected Products : document_server
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-2061

    The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a pad... Read more

    Affected Products : openvpn opensuse openvpn_access_server
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2010-0039

    The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP a... Read more

    • Published: Dec. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-4567

    Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a mal... Read more

    Affected Products : firefox thunderbird enterprise_linux
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-5281

    The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the co... Read more

    Affected Products : enterprise_linux
    • Published: Nov. 24, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2008-5814

    Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear wheth... Read more

    Affected Products : php
    • Published: Jan. 02, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-0389

    Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1740

    Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the l... Read more

    • Published: Apr. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-5077

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown ... Read more

    Affected Products : jdk jre jre jdk
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-1945

    Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.... Read more

    Affected Products : awstats awstats
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4573

    Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.... Read more

    Affected Products : screen
    • Published: Oct. 24, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2025-20030

    Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via adjacent access.... Read more

    Affected Products :
    • Published: May. 13, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2006-3612

    Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : phorum
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2025-47794

    Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system m... Read more

    Affected Products : notes
    • Published: May. 16, 2025
    • Modified: May. 19, 2025
    • Vuln Type: Information Disclosure

  • 2.6

    LOW
    CVE-2009-2268

    Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : java_system_access_manager
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-0995

    The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-3474

    Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors.... Read more

    Affected Products : libgd gd_graphics_library
    • Published: Jun. 28, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2022-21929

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 2.6

    LOW
    CVE-2013-2037

    httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack... Read more

    Affected Products : ubuntu_linux httplib2
    • Published: Jan. 18, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 293592 Results