Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2010-2431

    The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.... Read more

    Affected Products : cups
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-3886

    Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.... Read more

    Affected Products : webmin
    • Published: Jul. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-2126

    The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite fi... Read more

    • Published: Oct. 21, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2832

    Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename.... Read more

    Affected Products : drupal
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2012-3450

    pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds rea... Read more

    Affected Products : php
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2015-6921

    Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : zendesk_feedback_tab
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2015-2627

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation.... Read more

    Affected Products : jdk jre
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2008-4937

    senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.... Read more

    Affected Products : openoffice.org
    • Published: Nov. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-4926

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX.... Read more

    Affected Products : e-business_suite
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2005-0593

    Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes th... Read more

    Affected Products : firefox mozilla
    • Published: Mar. 04, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2547

    NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error mess... Read more

    Affected Products : surgemail webmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1324

    The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.... Read more

    • Published: Dec. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0484

    mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after t... Read more

    Affected Products : internet_explorer
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1813

    Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2790 allows remote attackers to execute arbitrary programs by specifying the program in the href attribute of a link.... Read more

    Affected Products : instant_messenger
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0445

    The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to... Read more

    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-2177

    BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP requests in a way that can cause BEA to send the same response for two different HTTP requests, which could allow remote attackers to obtain sensitive information that was intended for other... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0478

    Unknown versions of Mozilla allow remote attackers to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrat... Read more

    Affected Products : mozilla
    • Published: Jul. 07, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1615

    Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.... Read more

    Affected Products : opera_browser
    • Published: Oct. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1030

    Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.... Read more

    Affected Products : weblogic_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-1490

    Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers.... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293611 Results