Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-0985

    Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.05
    • Published: Jun. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-4817

    The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename tha... Read more

    Affected Products : tivoli_storage_manager
    • EPSS Score: %0.15
    • Published: Nov. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4620

    The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information ... Read more

    Affected Products : networker meditech
    • EPSS Score: %0.06
    • Published: Oct. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1317

    iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.07
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1425

    cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.... Read more

    Affected Products : ubuntu_linux cgmanager
    • EPSS Score: %0.05
    • Published: Jan. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4431

    Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.07
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-6488

    Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6... Read more

    • EPSS Score: %0.19
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-5162

    Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2020-14770

    Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple proto... Read more

    Affected Products : hyperion_bi\+ hyperion_workspace
    • EPSS Score: %0.21
    • Published: Oct. 21, 2020
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2013-5964

    Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.... Read more

    Affected Products : drupal flag_module
    • EPSS Score: %0.23
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2796

    The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-1971

    Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.... Read more

    Affected Products : drupal mp3_player
    • EPSS Score: %0.16
    • Published: Jun. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-3898

    Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations ... Read more

    Affected Products : drivecrypt_plus_pack
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3895

    LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated ... Read more

    Affected Products : lilo
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-0384

    Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in op... Read more

    Affected Products : tor tor
    • EPSS Score: %0.06
    • Published: Jan. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4140

    Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal tinybox
    • EPSS Score: %0.35
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4427

    pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen vi... Read more

    Affected Products : pyxtrlock
    • EPSS Score: %0.07
    • Published: May. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-3897

    DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associ... Read more

    Affected Products : disckcryptor windows
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-2314

    Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.... Read more

    • EPSS Score: %0.07
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-3488

    Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a differe... Read more

    Affected Products : drupal bibliography
    • EPSS Score: %0.20
    • Published: Sep. 30, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291808 Results