Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-2765

    The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewal... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Sep. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0119

    helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.... Read more

    Affected Products : helvis
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1205

    nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.... Read more

    Affected Products : hp-ux
    • Published: Jun. 07, 1996
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-1393

    Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal curvycorners
    • Published: Jun. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-41000

    Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the b... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2000-0309

    The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.... Read more

    Affected Products : openbsd
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1423

    ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.... Read more

    Affected Products : solaris sunos
    • Published: Jun. 26, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0232

    Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.... Read more

    • Published: Mar. 30, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-1448

    The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.... Read more

    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-1353

    The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function acce... Read more

    Affected Products : linux_kernel
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-4801

    Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.... Read more

    Affected Products : solaris
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-6039

    PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid... Read more

    Affected Products : php
    • Published: Nov. 20, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3100

    usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 uses a semaphore with insecure permissions (world-writable/world-readable) for managing log messages using shared memory, which allows local users to cause a denial of service (hang)... Read more

    Affected Products : enterprise_linux open_iscsi
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3099

    usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before 2.0-865 checks the client's UID on the listening AF_LOCAL socket instead of the new connection, which allows remote attackers to access the management interface and cause a denial of se... Read more

    Affected Products : enterprise_linux
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2002-0334

    xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file.... Read more

    Affected Products : xtell
    • Published: Jun. 25, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-6113

    The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass intended filesystem p... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-4922

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot.... Read more

    Affected Products : solaris
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-5199

    Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.... Read more

    Affected Products : contribute
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-5371

    The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standar... Read more

    Affected Products : tivoli_storage_manager
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-4571

    The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory con... Read more

    Affected Products : linux_kernel
    • Published: Sep. 26, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292803 Results