Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-2068

    Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) no... Read more

    Affected Products : drupal fancy_slide
    • EPSS Score: %0.34
    • Published: Sep. 05, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5233

    Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.... Read more

    Affected Products : drupal stickynote
    • EPSS Score: %0.32
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2002-0507

    An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous u... Read more

    Affected Products : exchange_server securid
    • EPSS Score: %1.46
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-4768

    IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot ... Read more

    • EPSS Score: %0.36
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-1927

    Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file.... Read more

    Affected Products : aquonics_file_manager
    • EPSS Score: %0.07
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-6216

    Unspecified vulnerability in HP Array Configuration Utility, Array Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear Gauge Utility 9.40 and earlier allows local users to gain privileges via unknown vectors.... Read more

    • EPSS Score: %0.12
    • Published: Apr. 12, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-0712

    Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.... Read more

    • EPSS Score: %0.25
    • Published: Feb. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-4503

    Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options.... Read more

    Affected Products : feed_element_mapper
    • EPSS Score: %0.18
    • Published: May. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1598

    The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.... Read more

    Affected Products : spcanywhere
    • EPSS Score: %0.06
    • Published: Mar. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-1231

    SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.... Read more

    Affected Products : unixware openunix
    • EPSS Score: %0.06
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-1539

    Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comm... Read more

    Affected Products : drupal workflow
    • EPSS Score: %0.34
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-1265

    Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.... Read more

    Affected Products : mozilla navigator
    • EPSS Score: %0.14
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1295

    Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."... Read more

    Affected Products : enterprise_linux suse_linux
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2016-3888

    internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-1999-1449

    SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.... Read more

    Affected Products : sunos
    • EPSS Score: %0.05
    • Published: May. 19, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1229

    Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.... Read more

    Affected Products : quake_2_server
    • EPSS Score: %0.06
    • Published: Feb. 25, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0690

    Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command.... Read more

    Affected Products : g6_ftp_server
    • EPSS Score: %0.09
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0511

    Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.... Read more

    Affected Products : openserver
    • EPSS Score: %1.86
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-0663

    Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field.... Read more

    • EPSS Score: %0.08
    • Published: Feb. 08, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-7835

    webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site... Read more

    Affected Products : moodle
    • EPSS Score: %0.18
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291564 Results