Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2004-1237

    Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.... Read more

    • EPSS Score: %0.06
    • Published: Apr. 14, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1976

    ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demo... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.13
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1534

    mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session I... Read more

    Affected Products : http_server
    • EPSS Score: %0.12
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-2784

    Google Chrome before 13.0.782.107 allows remote attackers to obtain sensitive information via a request for the GL program log, which reveals a local path in an unspecified log entry.... Read more

    Affected Products : chrome
    • EPSS Score: %0.19
    • Published: Aug. 03, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-4870

    dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.... Read more

    Affected Products : enterprise_linux dovecot
    • EPSS Score: %0.04
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-1022

    Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from with... Read more

    • EPSS Score: %0.04
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-1426

    Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.... Read more

    Affected Products : facter facter
    • EPSS Score: %0.06
    • Published: Feb. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-3074

    SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.... Read more

    Affected Products : encfs
    • EPSS Score: %0.07
    • Published: Sep. 17, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8991

    pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.... Read more

    Affected Products : solaris pip
    • EPSS Score: %0.12
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-1788

    vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.... Read more

    Affected Products : vcenter
    • EPSS Score: %0.06
    • Published: May. 09, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-2977

    Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: thi... Read more

    Affected Products : windows bugzilla
    • EPSS Score: %0.07
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-4399

    User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not ac... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.22
    • Published: Oct. 03, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-1167

    Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information.... Read more

    Affected Products : jukebox
    • EPSS Score: %0.06
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-2236

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in OpenText Advanced Authentication allows Information Elicitation. The vulnerability could reveal sensitive information while managing and configuring of the externa... Read more

    Affected Products :
    • Published: May. 27, 2025
    • Modified: May. 28, 2025
    • Vuln Type: Information Disclosure

  • 2.1

    LOW
    CVE-2025-46553

    @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, i... Read more

    Affected Products :
    • Published: May. 05, 2025
    • Modified: May. 05, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2005-4605

    The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.98
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1860

    lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.11
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0071

    The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.... Read more

    Affected Products : x11r6
    • EPSS Score: %0.08
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0136

    The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."... Read more

    Affected Products : enterprise_linux irix
    • EPSS Score: %0.07
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1268

    Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.... Read more

    Affected Products : unzip
    • EPSS Score: %0.34
    • Published: Jul. 12, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 291808 Results