Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-1848

    Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, and (3) date parameter.... Read more

    Affected Products : linpha
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3062

    Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.... Read more

    Affected Products : myphp_guestbook
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0354

    Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors invol... Read more

    Affected Products : firefox
    • Published: Feb. 04, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-1842

    Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.... Read more

    Affected Products : shoutbook
    • Published: Apr. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3071

    Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.... Read more

    Affected Products : mp3_search_archive
    • Published: Jun. 19, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-1815

    Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than ... Read more

    Affected Products : tritanium_bulletin_board
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2366

    ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Tr... Read more

    Affected Products : openobex
    • Published: May. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2014-2420

    Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2010-2751

    The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors in... Read more

    Affected Products : firefox seamonkey
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-1690

    The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2007-4679

    CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.... Read more

    Affected Products : mac_os_x
    • Published: Nov. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-5667

    Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.... Read more

    Affected Products : html-scrubber
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-2431

    Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.... Read more

    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-3620

    Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.... Read more

    Affected Products : koobi_pro
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3841

    Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before bein... Read more

    Affected Products : webscarab
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2015-7046

    The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root p... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-6123

    Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUES... Read more

    • Published: Nov. 26, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4685

    The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.... Read more

    Affected Products : xml_core_services xml_parser
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-3769

    Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.... Read more

    Affected Products : top_xl
    • Published: Jul. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-6068

    Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.... Read more

    Affected Products : malbum
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 293592 Results