Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2000-0615

    LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.... Read more

    Affected Products : lprng
    • EPSS Score: %0.10
    • Published: Jul. 19, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0345

    The on-line help system options in Cisco routers allows non-privileged users without "enabled" access to obtain sensitive information via the show command.... Read more

    • EPSS Score: %0.12
    • Published: May. 03, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0474

    Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.... Read more

    Affected Products : mandrake_linux mesa
    • EPSS Score: %0.14
    • Published: Jun. 27, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2024-9101

    A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is un... Read more

    Affected Products :
    • Published: Dec. 19, 2024
    • Modified: Dec. 19, 2024

  • 2.1

    LOW
    CVE-2005-2076

    HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen.... Read more

    • EPSS Score: %0.19
    • Published: Jun. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-5270

    Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the abil... Read more

    Affected Products : debian_linux libgcrypt
    • EPSS Score: %0.07
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1030

    mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.13
    • Published: Sep. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0461

    The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.... Read more

    Affected Products : freebsd netbsd
    • EPSS Score: %0.08
    • Published: May. 29, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-4544

    The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) ke... Read more

    Affected Products : xen
    • EPSS Score: %0.11
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-2499

    slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.... Read more

    Affected Products : slocate
    • EPSS Score: %0.06
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-3010

    ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : ceph-deploy
    • EPSS Score: %0.05
    • Published: Jun. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-5174

    The copy_from_user function in the uaccess code in Linux kernel 2.6 before 2.6.19-rc1, when running on s390, does not properly clear a kernel buffer, which allows local user space programs to read portions of kernel memory by "appending to a file from a b... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2003-0476

    The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.11
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2024-52006

    Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and G... Read more

    Affected Products : git
    • Published: Jan. 14, 2025
    • Modified: Jan. 21, 2025
    • Vuln Type: Authentication

  • 2.1

    LOW
    CVE-2014-3645

    arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.09
    • Published: Nov. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2003-0875

    Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.... Read more

    Affected Products : openslp
    • EPSS Score: %0.24
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2024-50403

    A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modif... Read more

    Affected Products : quts_hero qts
    • Published: Dec. 06, 2024
    • Modified: Dec. 06, 2024

  • 2.1

    LOW
    CVE-2010-0007

    net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restri... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: Jan. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3297

    The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an EQL_GETM... Read more

    • EPSS Score: %0.07
    • Published: Sep. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-1226

    BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.03
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 291717 Results