Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2009-0368

    OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer ... Read more

    Affected Products : opensc
    • EPSS Score: %0.31
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-1857

    Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.... Read more

    Affected Products : web_jetadmin
    • EPSS Score: %78.04
    • Published: Mar. 24, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-1160

    The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel before 2.6.39 does not initialize a certain buffer, which allows local users to obtain potentially sensitive information from kernel memory via unspecified vectors.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.17
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0980

    The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.05
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5173

    The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.13
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5021

    Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.... Read more

    Affected Products : drupal
    • EPSS Score: %0.18
    • Published: Jul. 22, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-3245

    The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.14
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3735

    The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.08
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0492

    Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120... Read more

    Affected Products : mysql mysql
    • EPSS Score: %0.55
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4529

    Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel before 2.6.37 on platforms other than x86 allows local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockop... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3756

    The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-3737

    The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-2520

    The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.08
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-0978

    The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.... Read more

    Affected Products : iphone_os tvos
    • EPSS Score: %0.06
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-22149

    JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2014-4352

    Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Sep. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1109

    NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-2203

    The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.14
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-7080

    Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-5923

    Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Oct. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291258 Results