Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-1801

    The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it.... Read more

    Affected Products : 9500
    • Published: May. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3619

    Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.... Read more

    Affected Products : fastjar
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2610

    Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.... Read more

    Affected Products : phpraid
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2348

    Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.... Read more

    Affected Products : e-business_designer
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0455

    Cross-site scripting (XSS) vulnerability in the anonymous comments feature in lib-comment.php in glFusion 1.1.0, 1.1.1, and earlier versions allows remote attackers to inject arbitrary web script or HTML via the username parameter to comment.php.... Read more

    Affected Products : glfusion
    • Published: Feb. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2006-4570

    Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or... Read more

    Affected Products : thunderbird seamonkey
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2653

    Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.... Read more

    Affected Products : dsa-3100_airspot_gateway
    • Published: May. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2518

    Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.... Read more

    Affected Products : phpwcms
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2572

    Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.... Read more

    Affected Products : dgbook
    • Published: May. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2519

    Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this is... Read more

    Affected Products : phpwcms
    • Published: May. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3482

    Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.... Read more

    Affected Products : phpmaillist
    • Published: Jul. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2729

    Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained sol... Read more

    Affected Products : photoalbum_bandw
    • Published: Jun. 01, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-2903

    Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.... Read more

    Affected Products : particle_links
    • Published: Jun. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2009-0286

    Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.... Read more

    Affected Products : opengoo
    • Published: Jan. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.5

    LOW
    CVE-2020-2749

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF command svcbundle). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle... Read more

    Affected Products : solaris solaris
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2020-2771

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris e... Read more

    Affected Products : solaris solaris
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 2.5

    LOW
    CVE-2015-7473

    runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp.... Read more

    Affected Products : websphere_mq
    • Published: Jun. 26, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2015-7436

    IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 preserves us... Read more

    Affected Products : tivoli_common_reporting
    • Published: Jan. 02, 2016
    • Modified: Apr. 12, 2025

  • 2.5

    LOW
    CVE-2024-21002

    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exp... Read more

    • Published: Apr. 16, 2024
    • Modified: May. 29, 2025

  • 2.5

    LOW
    CVE-2017-3513

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon ... Read more

    Affected Products : vm_virtualbox
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294132 Results