Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2001-0020

    Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.... Read more

    Affected Products : arrowpoint content_services_switch
    • EPSS Score: %0.16
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1406

    dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.... Read more

    Affected Products : linux
    • EPSS Score: %0.08
    • Published: Jul. 29, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-1141

    Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.... Read more

    Affected Products : mantrap
    • EPSS Score: %0.12
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2605

    aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.... Read more

    Affected Products : astats
    • EPSS Score: %0.10
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-2123

    Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) address, (3) ... Read more

    Affected Products : drupal storm
    • EPSS Score: %0.34
    • Published: Jun. 01, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5440

    IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.... Read more

    Affected Products : infosphere_information_server
    • EPSS Score: %0.05
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-1586

    Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.... Read more

    Affected Products : flash_messaging_server
    • EPSS Score: %0.18
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0991

    RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.... Read more

    Affected Products : aix
    • EPSS Score: %0.06
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-5202

    BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe.... Read more

    Affected Products : wincdemu
    • EPSS Score: %0.06
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1358

    Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : drupal bibliography
    • EPSS Score: %0.21
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1536

    Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vector... Read more

    Affected Products : drupal addthis
    • EPSS Score: %0.23
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0207

    "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions... Read more

    • EPSS Score: %1.59
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0862

    Insecure directory permissions in RPM distribution for PostgreSQL allows local users to gain privileges by reading a plaintext password file.... Read more

    Affected Products : postgresql
    • EPSS Score: %0.09
    • Published: Dec. 02, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-2047

    The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.... Read more

    Affected Products : owncloud owncloud_server
    • EPSS Score: %0.06
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-0482

    Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: Jan. 31, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-1972

    Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL.... Read more

    Affected Products : database_server
    • EPSS Score: %0.44
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-0756

    ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash).... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jun. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1762

    The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Aug. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2739

    Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.09
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0181

    The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291754 Results