Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2025-22272

    In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required ... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2009-5056

    Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then... Read more

    Affected Products : otrs
    • EPSS Score: %0.16
    • Published: Mar. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-1435

    NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : officescan
    • EPSS Score: %0.45
    • Published: Apr. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2011-5188

    Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal support_timer
    • EPSS Score: %0.23
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-5061

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UP... Read more

    Affected Products : lotus_quickr lotus_domino
    • EPSS Score: %0.57
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4589

    Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not have an off autocomplete attribute for unspecified form fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : enterprise_mobility_manager
    • EPSS Score: %0.12
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0160

    The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.23
    • Published: Feb. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3296

    The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memor... Read more

    • EPSS Score: %0.10
    • Published: Sep. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5724

    Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.... Read more

    Affected Products : phpbb3
    • EPSS Score: %0.04
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2242

    Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying an... Read more

    Affected Products : libvirt
    • EPSS Score: %0.08
    • Published: Aug. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-22149

    JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2010-0622

    The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have uns... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.09
    • Published: Feb. 15, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-1110

    The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.... Read more

    Affected Products : linux mtink
    • EPSS Score: %0.06
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1234

    load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.10
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1033

    Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.... Read more

    Affected Products : linux fcron
    • EPSS Score: %0.07
    • Published: Mar. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-1770

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %11.08
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-4446

    Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an admin... Read more

    Affected Products : os_x_server
    • EPSS Score: %0.12
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3637

    D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.... Read more

    Affected Products : dbus opensuse
    • EPSS Score: %0.07
    • Published: Sep. 22, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-3109

    The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus.... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.07
    • Published: Sep. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-3285

    The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.... Read more

    Affected Products : openafs
    • EPSS Score: %0.08
    • Published: Aug. 12, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291394 Results