Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-1814

    NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of service (memory exhaustion) by using the sysctl system call to lock a large buffer into physical memory.... Read more

    Affected Products : netbsd
    • EPSS Score: %0.07
    • Published: Apr. 18, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-2975

    Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.... Read more

    • EPSS Score: %0.15
    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3277

    The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web... Read more

    Affected Products : player workstation
    • EPSS Score: %0.10
    • Published: Sep. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-7207

    RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.... Read more

    Affected Products : rivettracker
    • EPSS Score: %0.06
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-4506

    Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML ... Read more

    Affected Products : custom_meta
    • EPSS Score: %0.23
    • Published: Jun. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-3722

    The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that... Read more

    Affected Products : freebsd
    • EPSS Score: %0.06
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3895

    LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated ... Read more

    Affected Products : lilo
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3777

    The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which a... Read more

    • EPSS Score: %0.06
    • Published: Aug. 25, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3720

    The process scheduler in the Linux kernel 2.4 performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that re... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-3045

    IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before 1.4.3.3 places an administrative password in the shell history upon use of the -p option to chuser, which allows local users to obtain sensitive information by leveraging root access.... Read more

    • EPSS Score: %0.05
    • Published: Jul. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-6267

    Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.... Read more

    • EPSS Score: %0.08
    • Published: Dec. 07, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3706

    The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.... Read more

    Affected Products : codeigniter
    • EPSS Score: %0.16
    • Published: Jul. 11, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-3488

    Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a differe... Read more

    Affected Products : drupal bibliography
    • EPSS Score: %0.20
    • Published: Sep. 30, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3897

    DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associ... Read more

    Affected Products : disckcryptor windows
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-7292

    Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different v... Read more

    Affected Products : windows bugzilla
    • EPSS Score: %0.06
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2002

    Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list... Read more

    Affected Products : drupal wordfilter wordfilter
    • EPSS Score: %0.23
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1294

    Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : coldfusion
    • EPSS Score: %0.15
    • Published: May. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1976

    Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb dis... Read more

    Affected Products : drupal taxonomy_breadcrumb
    • EPSS Score: %0.25
    • Published: May. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2913

    The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.... Read more

    Affected Products : iphone_os citi_mobile
    • EPSS Score: %0.06
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-0382

    Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.07
    • Published: Feb. 14, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291368 Results