Latest CVE Feed
-
2.1
LOWCVE-2014-6123
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading insta... Read more
- EPSS Score: %0.05
- Published: Dec. 29, 2014
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2015-2111
Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.... Read more
- EPSS Score: %0.14
- Published: Apr. 04, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2015-1602
Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging th... Read more
Affected Products : simatic_step_7- EPSS Score: %0.06
- Published: Apr. 06, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2013-4140
Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more
- EPSS Score: %0.35
- Published: Jul. 29, 2013
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2014-5456
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the conf... Read more
Affected Products : social_stats- EPSS Score: %0.20
- Published: Aug. 25, 2014
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2015-0519
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a... Read more
Affected Products : captiva_capture- EPSS Score: %0.07
- Published: Feb. 14, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2014-6102
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT ... Read more
Affected Products : maximo_asset_management maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_for_transportation maximo_for_utilities smartcloud_control_desk change_and_configuration_management_database maximo_asset_management_essentials maximo_for_government +2 more products- EPSS Score: %0.12
- Published: Feb. 17, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2015-1314
The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances.... Read more
Affected Products : mobile_banking- EPSS Score: %0.07
- Published: Apr. 16, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2014-0085
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source ... Read more
- EPSS Score: %0.14
- Published: Apr. 17, 2014
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2013-4452
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.... Read more
Affected Products : jboss_operations_network- EPSS Score: %0.05
- Published: Dec. 24, 2013
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2013-3976
The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not prop... Read more
- EPSS Score: %0.18
- Published: Mar. 26, 2014
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2013-0947
EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.... Read more
Affected Products : authentication_manager- EPSS Score: %0.05
- Published: Jun. 07, 2013
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2012-6108
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.... Read more
Affected Products : linux_imaging_and_printing_project- EPSS Score: %0.06
- Published: Feb. 15, 2014
- Modified: Apr. 11, 2025
-
2.1
LOWCVE-2014-4818
dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, 6.x before 6.4.3, and 7.1.x before 7.1.2 allows local users to discover the backup/restore encryption-key password via unspecified vectors.... Read more
Affected Products : tivoli_storage_manager- EPSS Score: %0.03
- Published: Feb. 24, 2015
- Modified: Apr. 12, 2025
-
2.1
LOWCVE-2020-14770
Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto... Read more
- EPSS Score: %0.21
- Published: Oct. 21, 2020
- Modified: Nov. 21, 2024
-
2.1
LOWCVE-2025-22272
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required ... Read more
Affected Products :- Published: Feb. 28, 2025
- Modified: Mar. 05, 2025
- Vuln Type: Injection
-
2.1
LOWCVE-2006-1902
fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow... Read more
Affected Products : gcc- EPSS Score: %0.09
- Published: Apr. 20, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2025-30222
Shescape is a simple shell escape library for JavaScript. Versions 1.7.2 through 2.1.1 are vulnerable to potential environment variable exposure on Windows with CMD. This impact users of Shescape on Windows that explicitly configure `shell: 'cmd.exe'` or ... Read more
Affected Products : shescape- Published: Mar. 25, 2025
- Modified: Mar. 27, 2025
- Vuln Type: Information Disclosure
-
2.1
LOWCVE-2006-2612
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prom... Read more
Affected Products : client- EPSS Score: %0.08
- Published: May. 26, 2006
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2012-1632
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML v... Read more
- EPSS Score: %0.18
- Published: Sep. 20, 2012
- Modified: Apr. 11, 2025