Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-3245

    Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters.... Read more

    Affected Products : mvnforum
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3217

    JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the infor... Read more

    Affected Products : jaguaredit
    • Published: Jun. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0286

    Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.... Read more

    Affected Products : opengoo
    • Published: Jan. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-5085

    IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attack... Read more

    Affected Products : tivoli_federated_identity_manager
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-4652

    The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOT... Read more

    Affected Products : ngircd ngircd
    • Published: Feb. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3225

    Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrar... Read more

    • Published: Jun. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3368

    Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by ru... Read more

    Affected Products : dtach
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2006-3237

    Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : enterprise_groupware_systems
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-4249

    Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lastusername and (2) mod parameters... Read more

    Affected Products : cutenews
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1986

    Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-1905

    The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a dat... Read more

    Affected Products : db2
    • Published: Jun. 03, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2009-3300

    Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attacker... Read more

    Affected Products : identity_provider service_provider
    • Published: Nov. 06, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3241

    Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.... Read more

    Affected Products : xennobb
    • Published: Jun. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-1823

    Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head... Read more

    Affected Products : drupal print
    • Published: May. 29, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2012-0475

    Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLH... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2009-1614

    Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter (aka the message in an article comment) or (2) the searchterm parameter (aka the search post form... Read more

    Affected Products : leap
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2008-5825

    The SmartPoster implementation on the Nokia 6131 Near Field Communication (NFC) phone with 05.12 firmware does not properly display the URI record when the Title record contains a certain combination of space, CR (aka \r), and . (dot) characters, which al... Read more

    Affected Products : 6131_nfc
    • Published: Jan. 02, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2004-1449

    Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.... Read more

    Affected Products : thunderbird mozilla firebird
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0190

    Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ?... Read more

    Affected Products : realplayer realone_player
    • Published: Sep. 29, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0586

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294287 Results