Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2014-6502

    Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-6585

    Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.... Read more

    Affected Products : jdk jre
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-2478

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2012-2947

    chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial o... Read more

    • Published: Jun. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5808

    Unspecified vulnerability in the Oracle iPlanet Web Proxy Server component in Oracle Fusion Middleware 4.0 allows remote attackers to affect confidentiality via unknown vectors related to Administration.... Read more

    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2014-0595

    /opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open Enterprise Server (OES) 11 Linux SP2 does not properly manage a certain array, which allows local users to obtain the S permission in opportunistic circumstances by leveraging the gran... Read more

    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.6

    LOW
    CVE-2014-0591

    The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exi... Read more

    Affected Products : bind
    • Published: Jan. 14, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5099

    Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, b... Read more

    Affected Products : anchor_cms
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-7078

    Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property ... Read more

    Affected Products : typo3
    • Published: Jan. 19, 2014
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-4944

    Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship... Read more

    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5587

    Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 du... Read more

    Affected Products : rt request_tracker
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-4505

    The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL... Read more

    Affected Products : subversion mod_dontdothat
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5183

    Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-3872

    Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certific... Read more

    • Published: Oct. 27, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-4954

    Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary we... Read more

    Affected Products : wordpress pie-register
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2011-1499

    acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy serv... Read more

    Affected Products : debian_linux tinyproxy
    • Published: Apr. 29, 2011
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5137

    IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.... Read more

    Affected Products : iphone_os
    • Published: Sep. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2013-5315

    Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th... Read more

    Affected Products : drupal scald
    • Published: Aug. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.6

    LOW
    CVE-2005-2274

    Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofi... Read more

    Affected Products : internet_explorer
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2010-2431

    The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.... Read more

    Affected Products : cups
    • Published: Jun. 22, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294717 Results