Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2014-5398

    Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XM... Read more

    Affected Products : wonderware_information_server
    • EPSS Score: %0.11
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2000-0881

    The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.... Read more

    Affected Products : lpplus
    • EPSS Score: %0.15
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2238

    ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.... Read more

    Affected Products : aix
    • EPSS Score: %0.14
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-5400

    The installation component in Hospira MedNet before 6.1 places cleartext credentials in configuration files, which allows local users to obtain sensitive information by reading a file.... Read more

    Affected Products : mednet
    • EPSS Score: %0.06
    • Published: Apr. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-3900

    Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory location... Read more

    Affected Products : bios bios
    • EPSS Score: %0.09
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-1679

    The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physi... Read more

    Affected Products : iphone_os ipod_touch
    • EPSS Score: %0.07
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2002-2254

    The experimental IP packet queuing feature in Netfilter / IPTables in Linux kernel 2.4 up to 2.4.19 and 2.5 up to 2.5.31, when a privileged process exits and network traffic is not being queued, may allow a later process with the same Process ID (PID) to ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-1141

    Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.... Read more

    Affected Products : mantrap
    • EPSS Score: %0.12
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1437

    BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.... Read more

    • EPSS Score: %0.03
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1174

    Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.... Read more

    Affected Products : shoutcast_server
    • EPSS Score: %0.46
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-0996

    Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it ea... Read more

    Affected Products : aveva_edge wonderware_intouch_2014
    • EPSS Score: %0.06
    • Published: Mar. 29, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-0351

    Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.... Read more

    Affected Products : spidersales
    • EPSS Score: %0.06
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0079

    Support Tools Manager (STM) A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the tool_stat.txt log file.... Read more

    Affected Products : support_tools_manager
    • EPSS Score: %0.27
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1586

    Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.... Read more

    Affected Products : flash_messaging_server
    • EPSS Score: %0.18
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2132

    RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.... Read more

    Affected Products : unixware
    • EPSS Score: %0.28
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0311

    The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.... Read more

    Affected Products : windows_2000
    • EPSS Score: %0.65
    • Published: Apr. 20, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1360

    Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.24
    • Published: Feb. 27, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0020

    Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.... Read more

    Affected Products : arrowpoint content_services_switch
    • EPSS Score: %0.16
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1888

    CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names.... Read more

    Affected Products : commonname_toolbar
    • EPSS Score: %0.14
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2028

    The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.... Read more

    Affected Products : windows_2000 windows_xp windows_nt
    • EPSS Score: %0.81
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 291389 Results