Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-2762

    Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.... Read more

    Affected Products : vpnremote
    • EPSS Score: %0.07
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-2297

    Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creati... Read more

    Affected Products : drupal creativecommons
    • EPSS Score: %0.35
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-5956

    XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : phprunner
    • EPSS Score: %0.08
    • Published: Nov. 17, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2001-1518

    RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the v... Read more

    Affected Products : windows_2000
    • EPSS Score: %0.61
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2024-51752

    The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled.... Read more

    Affected Products : authkit
    • Published: Nov. 05, 2024
    • Modified: Nov. 06, 2024

  • 2.1

    LOW
    CVE-2007-3379

    Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.... Read more

    Affected Products : enterprise_linux linux
    • EPSS Score: %0.06
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-1956

    The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions vi... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1599

    The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.... Read more

    Affected Products : spcanywhere
    • EPSS Score: %0.06
    • Published: Mar. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0227

    Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.... Read more

    Affected Products : drupal search_api_sorts
    • EPSS Score: %0.20
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-7128

    Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this... Read more

    Affected Products : steamos
    • EPSS Score: %0.06
    • Published: Dec. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-0907

    sccw allows local users to read arbitrary files.... Read more

    Affected Products : soundcard_cw
    • EPSS Score: %0.12
    • Published: Sep. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0213

    xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.... Read more

    Affected Products : irix k-ashare
    • EPSS Score: %0.10
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-2207

    The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-1933

    Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.... Read more

    Affected Products : ux
    • EPSS Score: %0.07
    • Published: Apr. 12, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-0527

    EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) provisioning, which allows local users to obtain sensitive i... Read more

    • EPSS Score: %0.13
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2001-1406

    process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.12
    • Published: Sep. 10, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0666

    Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.... Read more

    Affected Products : exchange_server
    • EPSS Score: %0.29
    • Published: Oct. 30, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4352

    The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then ... Read more

    Affected Products : linux_kernel netbsd
    • EPSS Score: %0.11
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1894

    TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.... Read more

    Affected Products : context
    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0828

    The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.... Read more

    Affected Products : aix
    • EPSS Score: %0.08
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291808 Results