Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2004-1615

    Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.... Read more

    Affected Products : opera_browser
    • Published: Oct. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2002-1030

    Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.... Read more

    Affected Products : weblogic_server
    • Published: Oct. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2717

    Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.... Read more

    Affected Products : phpmychat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0626

    Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.... Read more

    Affected Products : squid
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2007-1008

    Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requi... Read more

    Affected Products : itunes
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2007-1903

    Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter.... Read more

    Affected Products : sonicbb
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2015-5907

    WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate.... Read more

    Affected Products : iphone_os
    • Published: Sep. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2004-0999

    zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.... Read more

    Affected Products : zgv_image_viewer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0124

    The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."... Read more

    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-1581

    The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequenc... Read more

    Affected Products : http_server
    • Published: Feb. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2007-5293

    Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php.... Read more

    Affected Products : idmos
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 2.6

    LOW
    CVE-2014-6527

    Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.... Read more

    Affected Products : jre
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2006-1786

    Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is n... Read more

    Affected Products : document_server
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2013-1729

    The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.... Read more

    Affected Products : firefox mac_os_x
    • Published: Sep. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2012-0021

    The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of servic... Read more

    Affected Products : http_server
    • Published: Jan. 28, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-9269

    Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie.... Read more

    Affected Products : debian_linux mantisbt
    • Published: Jan. 09, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2013-5854

    Unspecified vulnerability in Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : jdk jre javafx
    • Published: Oct. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2002-1233

    A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on te... Read more

    Affected Products : http_server
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2000-0726

    CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.... Read more

    Affected Products : mailers
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0950

    unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.... Read more

    Affected Products : unalz
    • Published: Mar. 13, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294690 Results