Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-4753

    Unspecified vulnerability in the RDBMS Support Tools component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : database_server
    • EPSS Score: %0.42
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-0974

    The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • EPSS Score: %0.10
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0341

    WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.... Read more

    Affected Products : wftpd
    • EPSS Score: %0.15
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1065

    Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash).... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.06
    • Published: Jul. 23, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-1996

    IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.... Read more

    • EPSS Score: %0.06
    • Published: Nov. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8534

    Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.... Read more

    Affected Products : network_data_loss_prevention
    • EPSS Score: %0.05
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1355

    Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.... Read more

    Affected Products : simatic_step_7
    • EPSS Score: %0.06
    • Published: Feb. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3099

    Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : systems_director
    • EPSS Score: %0.13
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3800

    XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.... Read more

    Affected Products : xbmc
    • EPSS Score: %0.05
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-1231

    SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.... Read more

    Affected Products : unixware openunix
    • EPSS Score: %0.06
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-0976

    Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained fr... Read more

    Affected Products : silverstripe
    • EPSS Score: %0.38
    • Published: Feb. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2201

    The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.... Read more

    Affected Products : xsan
    • EPSS Score: %0.08
    • Published: Sep. 15, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-2612

    Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive information via unknown vectors.... Read more

    • EPSS Score: %0.13
    • Published: Jul. 02, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6583

    Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.... Read more

    Affected Products : drupal imagemenu
    • EPSS Score: %0.34
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4862

    The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : rational_developer_for_system_z
    • EPSS Score: %0.04
    • Published: Dec. 05, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3999

    Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.... Read more

    Affected Products : ccleaner
    • EPSS Score: %0.04
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-3273

    EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by r... Read more

    • EPSS Score: %0.05
    • Published: Jul. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3264

    The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores admin tree credentials in /tmp/idmInstall.log, which allows local users to obtain sensitive information by reading this file.... Read more

    Affected Products : identity_manager
    • EPSS Score: %0.06
    • Published: Sep. 08, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1787

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal corporate
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1997

    Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.... Read more

    Affected Products : saurus_cms
    • EPSS Score: %0.46
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 292761 Results