Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-1999-1407

    ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.... Read more

    Affected Products : linux
    • EPSS Score: %0.14
    • Published: Mar. 09, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1499

    named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.... Read more

    Affected Products : bind
    • EPSS Score: %0.19
    • Published: Apr. 10, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0712

    A vulnerability in Caldera Open Administration System (COAS) allows the /etc/shadow password file to be made world-readable.... Read more

    Affected Products : openlinux coas
    • EPSS Score: %0.13
    • Published: Apr. 27, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0714

    Vulnerability in Compaq Tru64 UNIX edauth command.... Read more

    Affected Products : unix
    • EPSS Score: %0.08
    • Published: Feb. 15, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1387

    The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : http_server
    • EPSS Score: %0.18
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-6656

    Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO... Read more

    Affected Products : netbsd
    • EPSS Score: %0.06
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-1999-1409

    The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.... Read more

    Affected Products : netbsd irix
    • EPSS Score: %0.31
    • Published: Jul. 03, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1430

    PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as... Read more

    Affected Products : davinci
    • EPSS Score: %0.12
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-3999

    Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space.... Read more

    Affected Products : ccleaner
    • EPSS Score: %0.04
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-2230

    Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.... Read more

    Affected Products : openbsd
    • EPSS Score: %0.11
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-3273

    EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, as used in Appliance 3.0, does not omit the cleartext administrative password from trace logging in custom SDK applications, which allows local users to obtain sensitive information by r... Read more

    • EPSS Score: %0.05
    • Published: Jul. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-0427

    Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.08
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-5914

    An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up ... Read more

    Affected Products : safari
    • EPSS Score: %0.23
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-1995

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author paramete... Read more

    Affected Products : tomatocms
    • EPSS Score: %0.34
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-3402

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.36
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-2731

    Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.... Read more

    Affected Products : security_linux
    • EPSS Score: %0.12
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2412

    Winamp 2.80 stores authentication credentials in plaintext in the (1) [HTTP-AUTH] and (2) [winamp] sections in winamp.ini, which allows local users to gain access to other accounts.... Read more

    Affected Products : winamp
    • EPSS Score: %0.13
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-0259

    Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter.... Read more

    Affected Products : drupal boxes
    • EPSS Score: %0.18
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2017-18392

    cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts (SEC-325).... Read more

    Affected Products : cpanel
    • EPSS Score: %0.27
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2004-1895

    YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.... Read more

    Affected Products : suse_linux
    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291385 Results