Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2009-5100

    Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete tag to off on web pages using a password field, which might allow physically proximate attackers to obtain the password.... Read more

    Affected Products : bi_server
    • EPSS Score: %0.08
    • Published: Sep. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-2725

    The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files.... Read more

    Affected Products : rtos
    • EPSS Score: %0.13
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1983

    The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick.... Read more

    Affected Products : rtos
    • EPSS Score: %0.25
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-1005

    IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : scada_web_server
    • EPSS Score: %0.06
    • Published: Oct. 25, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3800

    XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.... Read more

    Affected Products : xbmc
    • EPSS Score: %0.05
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2003-1265

    Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.... Read more

    Affected Products : mozilla navigator
    • EPSS Score: %0.14
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0691

    The faxrunq and faxrunqd in the mgetty package allows local users to create or modify arbitrary files via a symlink attack which creates a symlink in from /var/spool/fax/outgoing/.last_run to the target file.... Read more

    Affected Products : linux mgetty
    • EPSS Score: %0.25
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-5538

    Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script... Read more

    Affected Products : drupal filefield_sources
    • EPSS Score: %0.20
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-5806

    SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving f... Read more

    Affected Products : secure_desktop
    • EPSS Score: %0.09
    • Published: Nov. 08, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-4273

    Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.... Read more

    Affected Products : aix
    • EPSS Score: %0.06
    • Published: Dec. 15, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-43753

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2007-6363

    IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password.... Read more

    Affected Products : tivoli_netcool_security_manager
    • EPSS Score: %0.17
    • Published: Dec. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2011-2208

    Integer signedness error in the osf_getdomainname function in arch/alpha/kernel/osf_sys.c in the Linux kernel before 2.6.39.4 on the Alpha platform allows local users to obtain sensitive information from kernel memory via a crafted call.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.13
    • Published: Jun. 13, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2760

    mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.... Read more

    Affected Products : mod_auth_openid
    • EPSS Score: %0.42
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-0510

    The daemon for fallback-reboot before 0.995 allows attackers to cause a denial of service (daemon exit), possibly related to verbose debug messages when the daemon is not on a tty.... Read more

    Affected Products : fallback-reboot
    • EPSS Score: %0.06
    • Published: Mar. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0887

    ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.... Read more

    Affected Products : ez-ipupdate
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0417

    Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.... Read more

    Affected Products : kerberos_5 kerberos
    • EPSS Score: %0.11
    • Published: Jun. 27, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1065

    Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.06
    • Published: Jul. 23, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0473

    The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.... Read more

    Affected Products : rsync
    • EPSS Score: %0.10
    • Published: Apr. 07, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1495

    xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary files via a symlink attack on the pic000.pnm file.... Read more

    Affected Products : suse_linux
    • EPSS Score: %0.06
    • Published: Feb. 18, 1999
    • Modified: Apr. 03, 2025
Showing 20 of 291641 Results