Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-0227

    Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.... Read more

    Affected Products : drupal search_api_sorts
    • EPSS Score: %0.20
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4218

    The InitMethodAndPassword function in InfraStack/OSAgnostic/WiMax/Agents/Supplicant/Source/SupplicantAgent.c in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses the same RSA private key in supplicant_key.... Read more

    Affected Products : wimax_network_service
    • EPSS Score: %0.06
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-0993

    SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : suse_lifecycle_management_server
    • EPSS Score: %0.13
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-1996

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admi... Read more

    Affected Products : tomatocms
    • EPSS Score: %0.46
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-1292

    UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.... Read more

    Affected Products : aix rational_clearcase unix
    • EPSS Score: %0.05
    • Published: Apr. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-2477

    DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.... Read more

    Affected Products : process_guard_free
    • EPSS Score: %0.12
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-2747

    No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak permissions for the HKLM\SOFTWARE\Vitalwerks\DUC registry key, which allows local users to obtain obfuscated passwords and other sensitive information by reading the (1) TrayPassword, (2) Userna... Read more

    Affected Products : windows dynamic_update_client
    • EPSS Score: %0.05
    • Published: Jun. 18, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-1970

    muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.... Read more

    Affected Products : mucommander
    • EPSS Score: %0.05
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-2760

    mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.... Read more

    Affected Products : mod_auth_openid
    • EPSS Score: %0.42
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-0584

    The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.... Read more

    Affected Products : peopletools
    • EPSS Score: %0.07
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-0223

    Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext d... Read more

    • EPSS Score: %0.08
    • Published: Jan. 07, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-2367

    Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.... Read more

    Affected Products : certificate_system
    • EPSS Score: %0.03
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-1680

    Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search histor... Read more

    Affected Products : iphone_os ipod_touch
    • EPSS Score: %0.07
    • Published: Jun. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-5724

    Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.... Read more

    Affected Products : icq
    • EPSS Score: %0.17
    • Published: Nov. 04, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-2343

    Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.... Read more

    Affected Products : scada_data_gateway
    • EPSS Score: %0.06
    • Published: May. 30, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2076

    Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : drupal sharethis
    • EPSS Score: %0.26
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2072

    Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal addtoany
    • EPSS Score: %0.34
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-4303

    Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter a... Read more

    Affected Products : touch
    • EPSS Score: %0.37
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-1822

    The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log.... Read more

    Affected Products : tivoli_directory_server
    • EPSS Score: %0.05
    • Published: Apr. 21, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-4548

    IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client.... Read more

    Affected Products : lotus_notes_traveler notes_traveler
    • EPSS Score: %0.41
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 291401 Results