Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-0260

    Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.... Read more

    Affected Products : drupal drush_debian_packaging
    • EPSS Score: %0.06
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3191

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Data Mover.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.45
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4383

    Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal jquery_countdown
    • EPSS Score: %0.21
    • Published: Jan. 31, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2913

    The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.... Read more

    Affected Products : iphone_os citi_mobile
    • EPSS Score: %0.06
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-4646

    The Websense Reporter Module in Websense Enterprise 6.3.2 stores the SQL database system administrator password in plaintext in CreateDbInstall.log, which allows local users to gain privileges to the database.... Read more

    Affected Products : enterpise
    • EPSS Score: %0.07
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2011-3570

    Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.... Read more

    Affected Products : communications_unified
    • EPSS Score: %0.07
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-4142

    The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.... Read more

    Affected Products : sourceone_email_management
    • EPSS Score: %0.06
    • Published: Jan. 19, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4452

    Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.... Read more

    Affected Products : jboss_operations_network
    • EPSS Score: %0.05
    • Published: Dec. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-6181

    EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.... Read more

    Affected Products : watch4net
    • EPSS Score: %0.14
    • Published: Dec. 28, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2975

    Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.... Read more

    • EPSS Score: %0.15
    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1779

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal fresh
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3276

    HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vec... Read more

    Affected Products : openvms openvms
    • EPSS Score: %0.08
    • Published: Dec. 13, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2899

    The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments.... Read more

    Affected Products : hyperic_hq
    • EPSS Score: %0.04
    • Published: Dec. 05, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-3976

    The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not prop... Read more

    • EPSS Score: %0.18
    • Published: Mar. 26, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1778

    Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.... Read more

    Affected Products : drupal creative
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3206

    Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vecto... Read more

    • EPSS Score: %0.41
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0324

    Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script ... Read more

    Affected Products : drupal menu_reference
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-4807

    IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details ... Read more

    Affected Products : lotus_connections
    • EPSS Score: %0.06
    • Published: Oct. 31, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-0947

    EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.... Read more

    Affected Products : authentication_manager
    • EPSS Score: %0.05
    • Published: Jun. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2020-14770

    Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto... Read more

    Affected Products : hyperion_bi\+ hyperion_workspace
    • EPSS Score: %0.21
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291739 Results