Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2015-4388

    Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML... Read more

    Affected Products : current_search_links
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2000-0503

    The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.... Read more

    Affected Products : internet_explorer
    • Published: Jun. 06, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3952

    Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.... Read more

    Affected Products : phplist
    • Published: Aug. 12, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2008-0274

    Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.... Read more

    Affected Products : drupal
    • Published: Jan. 15, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-4308

    The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.... Read more

    Affected Products : tomcat
    • Published: Feb. 26, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1536

    ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a ser... Read more

    • Published: Aug. 12, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2010-5143

    McAfee VirusScan Enterprise before 8.8 allows local users to disable the product by leveraging administrative privileges to execute an unspecified Metasploit Framework module.... Read more

    Affected Products : virusscan_enterprise
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2004-1489

    Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-4883

    Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash parameter.... Read more

    Affected Products : modx_revolution revolution
    • Published: Oct. 07, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2000-1003

    NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.... Read more

    Affected Products : windows_95 windows_98 windows_98se
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1877

    The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently revea... Read more

    Affected Products : http_server application_server
    • Published: Mar. 30, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1396

    Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.... Read more

    Affected Products : winamp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2008-0994

    Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 18, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-2431

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-2727

    The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which mi... Read more

    Affected Products : php
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-0895

    Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it... Read more

    Affected Products : solaris sunos
    • Published: Feb. 13, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-2420

    Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-1690

    The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-3966

    Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid userna... Read more

    Affected Products : mediawiki
    • Published: Jun. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-0950

    unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.... Read more

    Affected Products : unalz
    • Published: Mar. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293659 Results