Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-6557

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before ... Read more

    • EPSS Score: %0.05
    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4140

    Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal tinybox
    • EPSS Score: %0.35
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-5742

    VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.... Read more

    • EPSS Score: %0.05
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4974

    The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local users to obtain sensitive information from kernel memory v... Read more

    Affected Products : personal_firewall_ndis_filter
    • EPSS Score: %0.06
    • Published: Nov. 04, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1933

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Managemen... Read more

    • EPSS Score: %0.08
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2027

    IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : websphere_extreme_scale
    • EPSS Score: %0.14
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0988

    Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.... Read more

    Affected Products : cx-programmer
    • EPSS Score: %0.06
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1650

    Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.... Read more

    Affected Products : open-xchange_server
    • EPSS Score: %0.20
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8536

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.... Read more

    Affected Products : network_data_loss_prevention
    • EPSS Score: %0.06
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0947

    EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.... Read more

    Affected Products : authentication_manager
    • EPSS Score: %0.05
    • Published: Jun. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1778

    Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.... Read more

    Affected Products : drupal creative
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4427

    pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen vi... Read more

    Affected Products : pyxtrlock
    • EPSS Score: %0.07
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-2715

    Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.... Read more

    Affected Products : drupal search_api
    • EPSS Score: %0.25
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2017-2752

    A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a re... Read more

    Affected Products : tommy_hilfiger_th24\/7
    • EPSS Score: %0.11
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2013-1779

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal fresh
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1785

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vector... Read more

    Affected Products : drupal responsive
    • EPSS Score: %0.23
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-6746

    Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 d... Read more

    Affected Products : banking
    • EPSS Score: %0.12
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1971

    Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.... Read more

    Affected Products : drupal mp3_player
    • EPSS Score: %0.16
    • Published: Jun. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-6752

    Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject ar... Read more

    Affected Products : search_api_autocomplete
    • EPSS Score: %0.14
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-3976

    The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not prop... Read more

    • EPSS Score: %0.18
    • Published: Mar. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291275 Results