Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 2.1

    LOW
    CVE-2001-0438

    Preview version of Timbuktu for Mac OS X allows local users to modify System Preferences without logging in via the About Timbuktu menu.... Read more

    Affected Products : timbuktu_mac
    • EPSS Score: %0.09
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2001-0706

    Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.... Read more

    Affected Products : rumpus_ftp_server
    • EPSS Score: %0.88
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2002-0110

    Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file.... Read more

    Affected Products : miramail
    • EPSS Score: %0.20
    • Published: Mar. 25, 2002
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2001-0052

    IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.... Read more

    Affected Products : db2_universal_database
    • EPSS Score: %1.57
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2001-1288

    Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling er... Read more

    Affected Products : windows_2000 windows_nt
    • EPSS Score: %0.43
    • Published: Jul. 27, 2001
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2022-32967

    RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and ser... Read more

    • EPSS Score: %0.06
    • Published: Nov. 29, 2022
    • Modified: Nov. 21, 2024
  • 2.1

    LOW
    CVE-2008-4807

    IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details ... Read more

    Affected Products : lotus_connections
    • EPSS Score: %0.06
    • Published: Oct. 31, 2008
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2013-0324

    Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script ... Read more

    Affected Products : drupal menu_reference
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2011-3982

    The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a de... Read more

    Affected Products : aix
    • EPSS Score: %0.07
    • Published: Oct. 05, 2011
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2013-0260

    Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.... Read more

    Affected Products : drupal drush_debian_packaging
    • EPSS Score: %0.06
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2005-1578

    EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection.... Read more

    Affected Products : encase
    • EPSS Score: %0.07
    • Published: May. 13, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2010-0384

    Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in op... Read more

    Affected Products : tor tor
    • EPSS Score: %0.06
    • Published: Jan. 25, 2010
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2013-4140

    Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal tinybox
    • EPSS Score: %0.35
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2011-4142

    The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.... Read more

    Affected Products : sourceone_email_management
    • EPSS Score: %0.06
    • Published: Jan. 19, 2012
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2008-4540

    Windows Mobile 6 on the HTC Hermes device makes WLAN passwords available to an auto-completion mechanism for the password input field, which allows physically proximate attackers to bypass password authentication and obtain WLAN access.... Read more

    Affected Products : windows_mobile hermes windows_mobile
    • EPSS Score: %2.33
    • Published: Oct. 13, 2008
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2008-5417

    HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) S... Read more

    Affected Products : decnet_plus_for_openvms openvms
    • EPSS Score: %0.08
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2014-3851

    usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file.... Read more

    Affected Products : pyplate
    • EPSS Score: %0.04
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2014-5456

    Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the conf... Read more

    Affected Products : social_stats
    • EPSS Score: %0.20
    • Published: Aug. 25, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2014-4757

    The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function.... Read more

    Affected Products : content_collector
    • EPSS Score: %0.05
    • Published: Aug. 12, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2013-1650

    Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.... Read more

    Affected Products : open-xchange_server
    • EPSS Score: %0.20
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291520 Results