Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-1999-0133

    fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.... Read more

    Affected Products : framemaker
    • EPSS Score: %0.31
    • Published: Aug. 14, 1996
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0387

    The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.... Read more

    Affected Products : golddig
    • EPSS Score: %0.11
    • Published: May. 09, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2023

    The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.... Read more

    Affected Products : shingo_beep2
    • EPSS Score: %0.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0917

    Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP... Read more

    Affected Products : melange_chat_system
    • EPSS Score: %0.08
    • Published: Feb. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-5037

    Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.... Read more

    Affected Products : eucalyptus
    • EPSS Score: %0.06
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-5233

    Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.... Read more

    Affected Products : drupal stickynote
    • EPSS Score: %0.32
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2002-2000

    ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data.... Read more

    Affected Products : acms
    • EPSS Score: %0.15
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-4503

    Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options.... Read more

    Affected Products : feed_element_mapper
    • EPSS Score: %0.18
    • Published: May. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-0712

    Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.... Read more

    • EPSS Score: %0.25
    • Published: Feb. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0507

    An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous u... Read more

    Affected Products : exchange_server securid
    • EPSS Score: %1.46
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2127

    Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink.... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.08
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1956

    ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files.... Read more

    Affected Products : filer
    • EPSS Score: %0.10
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-7204

    The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.... Read more

    Affected Products : php
    • EPSS Score: %0.31
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-1999-1564

    FreeBSD 3.2 and possibly other versions allows a local user to cause a denial of service (panic) with a large number accesses of an NFS v3 mounted directory from a large number of processes.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.06
    • Published: Sep. 02, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-3800

    XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.... Read more

    Affected Products : xbmc
    • EPSS Score: %0.05
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-4190

    Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation.... Read more

    Affected Products : autohtml_module
    • EPSS Score: %0.15
    • Published: Aug. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-5189

    Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via ... Read more

    Affected Products : drupal webform_validation
    • EPSS Score: %0.25
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-3067

    sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.... Read more

    Affected Products : opensuse opensuse
    • EPSS Score: %0.06
    • Published: Jul. 07, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-1984

    Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonom... Read more

    Affected Products : drupal taxonomy_breadcrumb
    • EPSS Score: %0.25
    • Published: May. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-1997

    Unspecified vulnerability in Sybase Pylon Anywhere groupware synchronization server before 7.0 allows local users to obtain sensitive information such as email and PIM data of another user via unknown attack vectors.... Read more

    Affected Products : pylon_anywhere
    • EPSS Score: %0.08
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291741 Results