Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2001-0071

    gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.... Read more

    Affected Products : privacy_guard
    • EPSS Score: %0.14
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2009-1972

    Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL and DBMS_SQL.... Read more

    Affected Products : database_server
    • EPSS Score: %0.44
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-1786

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal company
    • EPSS Score: %0.23
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-1435

    NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : officescan
    • EPSS Score: %0.45
    • Published: Apr. 27, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-4496

    Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parame... Read more

    Affected Products : drupal custom_pub
    • EPSS Score: %0.34
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4493

    Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or... Read more

    Affected Products : drupal better_revisions
    • EPSS Score: %0.20
    • Published: Nov. 02, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-6143

    The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response.... Read more

    • EPSS Score: %0.05
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-6211

    The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensiti... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.06
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2001-1029

    libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alterna... Read more

    Affected Products : openssh freebsd
    • EPSS Score: %0.13
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1000

    lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.... Read more

    Affected Products : lintian
    • EPSS Score: %0.06
    • Published: Jan. 10, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3858

    IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).... Read more

    Affected Products : informix_dynamic_server
    • EPSS Score: %0.07
    • Published: Aug. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0415

    Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.... Read more

    Affected Products : linux_kernel fedora_core secure_linux
    • EPSS Score: %0.30
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0824

    PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.32
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0388

    The mysqld_multi script in MySQL allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : mysql
    • EPSS Score: %0.11
    • Published: Jun. 01, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1073

    The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.... Read more

    • EPSS Score: %0.20
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-1856

    Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.... Read more

    Affected Products : linux vixie_cron
    • EPSS Score: %0.05
    • Published: Apr. 18, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-1439

    NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.08
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-2588

    Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : jdeveloper application_server
    • EPSS Score: %0.18
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2011-4607

    PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.... Read more

    Affected Products : putty putty
    • EPSS Score: %0.06
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2001-0169

    When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /li... Read more

    • EPSS Score: %0.14
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 291209 Results