Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-0259

    Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.... Read more

    Affected Products : drupal boxes
    • EPSS Score: %0.18
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-2398

    Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-r... Read more

    Affected Products : fantastico_de_luxe
    • EPSS Score: %0.05
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0907

    sccw allows local users to read arbitrary files.... Read more

    Affected Products : soundcard_cw
    • EPSS Score: %0.12
    • Published: Sep. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2440

    Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.... Read more

    Affected Products : proxytunnel
    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0967

    NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was report... Read more

    Affected Products : secure_client
    • EPSS Score: %0.07
    • Published: Mar. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-0647

    The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-m... Read more

    Affected Products : iphone_os starbucks
    • EPSS Score: %0.08
    • Published: Jan. 28, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-3536

    Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability, related to DTrace Software Library (libdtrace).... Read more

    Affected Products : solaris
    • EPSS Score: %0.14
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5231

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.... Read more

    • EPSS Score: %0.06
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-5724

    Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.... Read more

    Affected Products : icq
    • EPSS Score: %0.17
    • Published: Nov. 04, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-4303

    Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter a... Read more

    Affected Products : touch
    • EPSS Score: %0.37
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-2343

    Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.... Read more

    Affected Products : scada_data_gateway
    • EPSS Score: %0.06
    • Published: May. 30, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-4548

    IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • EPSS Score: %0.41
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-0517

    PeerFTP_5 stores sensitive information such as passwords in plaintext in the PeerFTP.ini files, which allows local users to gain privileges.... Read more

    Affected Products : peerftp_5
    • EPSS Score: %0.18
    • Published: Feb. 23, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3782

    Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.07
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-0995

    The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.... Read more

    • EPSS Score: %0.04
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-2019

    IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents retrieved in SSL sessions, which allows physically proxi... Read more

    Affected Products : tivoli_directory_server
    • EPSS Score: %0.08
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-2078

    BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.... Read more

    Affected Products : bisonftp
    • EPSS Score: %0.61
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-5075

    Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.... Read more

    Affected Products : avast\!_internet_security
    • EPSS Score: %0.42
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-2105

    Microsoft Windows XP allows local users to prevent the system from booting via a corrupt explorer.exe.manifest file.... Read more

    Affected Products : windows_xp
    • EPSS Score: %0.39
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1378

    fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.... Read more

    Affected Products : fetchmail
    • EPSS Score: %0.05
    • Published: Sep. 06, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 291385 Results