Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-0390

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.15
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2724

    Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified... Read more

    Affected Products : drupal hierarchical_select
    • EPSS Score: %0.18
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-1394

    BSD 4.4 based operating systems, when running at security level 1, allow the root user to clear the immutable and append-only flags for files by unmounting the file system and using a file system editor such as fsdb to directly modify the file through a d... Read more

    Affected Products : bsd
    • EPSS Score: %0.90
    • Published: Jul. 02, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0132

    Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.... Read more

    Affected Products : solaris hp-ux sunos
    • EPSS Score: %0.36
    • Published: Aug. 15, 1996
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-5553

    Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HT... Read more

    Affected Products : drupal om_maximenu
    • EPSS Score: %0.26
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3361

    Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : linkit linkit
    • EPSS Score: %0.21
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-1050

    Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information i... Read more

    Affected Products : kwik-pay_payroll
    • EPSS Score: %0.03
    • Published: Mar. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-2000

    Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : drupal bibliography
    • EPSS Score: %0.26
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-2579

    Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer.... Read more

    Affected Products : health_sciences_applications
    • EPSS Score: %0.17
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0370

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.17
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2070

    Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block tit... Read more

    Affected Products : drupal multiblock
    • EPSS Score: %0.45
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-5448

    HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : asset_manager
    • EPSS Score: %0.06
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6414

    Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from anot... Read more

    • EPSS Score: %0.04
    • Published: Dec. 13, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1784

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal clean_theme
    • EPSS Score: %0.23
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-4176

    AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.... Read more

    Affected Products : award_bios_modular
    • EPSS Score: %0.94
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-5509

    aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.... Read more

    • EPSS Score: %0.10
    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-1423

    ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.33
    • Published: Jun. 26, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4787

    AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information.... Read more

    Affected Products : alphamail
    • EPSS Score: %0.08
    • Published: Sep. 14, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-1998

    Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers.... Read more

    Affected Products : drupal tablefield
    • EPSS Score: %0.34
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-3782

    Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.07
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291728 Results