Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.2

    LOW
    CVE-2023-23349

    Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker mu... Read more

    Affected Products :
    • Published: Mar. 22, 2024
    • Modified: Nov. 21, 2024

  • 2.2

    LOW
    CVE-2024-53861

    pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(... Read more

    Affected Products : pyjwt
    • Published: Nov. 29, 2024
    • Modified: Dec. 02, 2024

  • 2.2

    LOW
    CVE-2024-53564

    A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position is that there is no risk beyond what... Read more

    Affected Products : freepbx
    • Published: Dec. 02, 2024
    • Modified: Jan. 09, 2025

  • 2.1

    LOW
    CVE-1999-0442

    Solaris ff.core allows local users to modify files.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.15
    • Published: Jan. 07, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0747

    Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.... Read more

    Affected Products : bsd_os
    • EPSS Score: %0.08
    • Published: Aug. 18, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0803

    The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.... Read more

    Affected Products : aix_enetwork_firewall
    • EPSS Score: %2.71
    • Published: May. 25, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4690

    Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can ... Read more

    Affected Products : movable_type
    • EPSS Score: %0.08
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2126

    restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.07
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0642

    Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.... Read more

    Affected Products : incredimail
    • EPSS Score: %0.12
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0481

    The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.05
    • Published: Feb. 23, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-1194

    Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows... Read more

    Affected Products : norman_sandbox_analyzer
    • EPSS Score: %0.07
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2001-0921

    Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.... Read more

    Affected Products : communicator
    • EPSS Score: %0.12
    • Published: Nov. 21, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1070

    Sage Software MAS 200 allows remote attackers to cause a denial of service by connecting to port 10000 and entering a series of control characters.... Read more

    Affected Products : mas_200
    • EPSS Score: %0.28
    • Published: Aug. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1136

    The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to cause a denial of service.... Read more

    Affected Products : hp-ux
    • EPSS Score: %0.10
    • Published: Sep. 13, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2410

    Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).... Read more

    Affected Products : samhain
    • EPSS Score: %0.07
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-5233

    Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.... Read more

    Affected Products : drupal stickynote
    • EPSS Score: %0.32
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-2381

    Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.... Read more

    Affected Products : wonderware_information_server
    • EPSS Score: %0.03
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-0852

    Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.... Read more

    Affected Products : windows_xp
    • EPSS Score: %0.16
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0387

    The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.... Read more

    Affected Products : golddig
    • EPSS Score: %0.11
    • Published: May. 09, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2275

    Fortres 101 4.1 allows local users to bypass Fortres by pressing the Windows and "F" key together for 30 seconds, which opens multiple windows and eventually causes explorer.exe to crash, which then opens an unrestricted explorer.exe.... Read more

    Affected Products : fortres
    • EPSS Score: %0.06
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292044 Results