Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-4869

    The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.... Read more

    Affected Products : db2
    • EPSS Score: %0.16
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0806

    Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.13
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1369

    The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to writ... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-1317

    iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.07
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1425

    cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.... Read more

    Affected Products : ubuntu_linux cgmanager
    • EPSS Score: %0.05
    • Published: Jan. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-4493

    Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or... Read more

    Affected Products : drupal better_revisions
    • EPSS Score: %0.20
    • Published: Nov. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1652

    Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "... Read more

    • EPSS Score: %0.27
    • Published: Sep. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1998

    Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers.... Read more

    Affected Products : drupal tablefield
    • EPSS Score: %0.34
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0390

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.15
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5553

    Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HT... Read more

    Affected Products : drupal om_maximenu
    • EPSS Score: %0.26
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0321

    Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application.... Read more

    Affected Products : internet_security
    • EPSS Score: %0.06
    • Published: Mar. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0283

    Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.... Read more

    Affected Products : mailmgr
    • EPSS Score: %0.08
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0289

    Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.... Read more

    Affected Products : signaturedb
    • EPSS Score: %0.06
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-0370

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.17
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4496

    Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parame... Read more

    Affected Products : drupal custom_pub
    • EPSS Score: %0.34
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2016-0446

    Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality via unknown vectors related to Agent Next Gen.... Read more

    • EPSS Score: %0.16
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-2146

    mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to d... Read more

    Affected Products : esx esxi player workstation fusion
    • EPSS Score: %0.08
    • Published: Jun. 06, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-0200

    The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the f... Read more

    Affected Products : rhevm-reports
    • EPSS Score: %0.04
    • Published: May. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-2660

    Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents ... Read more

    Affected Products : php
    • EPSS Score: %0.28
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-3561

    The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes.... Read more

    Affected Products : enterprise_virtualization
    • EPSS Score: %0.06
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291918 Results