Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-0097

    Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.06
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2075

    Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal contact_save
    • EPSS Score: %0.34
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0321

    Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application.... Read more

    Affected Products : internet_security
    • EPSS Score: %0.06
    • Published: Mar. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-5188

    Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal support_timer
    • EPSS Score: %0.23
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-5061

    Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UP... Read more

    Affected Products : lotus_quickr lotus_domino
    • EPSS Score: %0.57
    • Published: Mar. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1783

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspe... Read more

    Affected Products : drupal business
    • EPSS Score: %0.35
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2705

    The filter_titles function in the Smart Breadcrumb module 6.x-1.x before 6.x-1.3 for Drupal does not properly convert a title to plain-text, which allows remote authenticated users with create or edit node permissions to conduct cross-site scripting (XSS)... Read more

    Affected Products : drupal smart_breadcrumb
    • EPSS Score: %0.30
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0289

    Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.... Read more

    Affected Products : signaturedb
    • EPSS Score: %0.06
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0283

    Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.... Read more

    Affected Products : mailmgr
    • EPSS Score: %0.08
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-1652

    Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "... Read more

    • EPSS Score: %0.27
    • Published: Sep. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1630

    Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal taxonomy_navigator
    • EPSS Score: %0.15
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-4039

    ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does not properly restrict permissions for /tmp/diagSEsnap/snapH.tar.gz, which allows local users to obtain sensitive information by reading files in this archive, as demonstrated by /var/log/... Read more

    • EPSS Score: %0.06
    • Published: Jun. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-5146

    The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files.... Read more

    • EPSS Score: %0.06
    • Published: Aug. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-2205

    The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device.... Read more

    Affected Products : netbsd
    • EPSS Score: %0.07
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4537

    NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : dec_openvms_alpha
    • EPSS Score: %0.07
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-0580

    Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.... Read more

    Affected Products : lsrunase supercrypt
    • EPSS Score: %0.03
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-5247

    The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API ... Read more

    Affected Products : ganeti ganeti
    • EPSS Score: %0.07
    • Published: Aug. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-0640

    Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaem... Read more

    Affected Products : undercover
    • EPSS Score: %0.05
    • Published: Feb. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-0370

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.17
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-5659

    PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : pam_extern
    • EPSS Score: %0.06
    • Published: Nov. 03, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 291593 Results