Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-2196

    The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.... Read more

    Affected Products : airport_card
    • EPSS Score: %0.07
    • Published: Jul. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2240

    xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.... Read more

    Affected Products : xpvm
    • EPSS Score: %0.10
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0088

    The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.08
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0087

    The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.09
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2451

    Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.... Read more

    Affected Products : ios ios_xr
    • EPSS Score: %3.04
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2016-8305

    Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnera... Read more

    Affected Products : flexcube_universal_banking
    • EPSS Score: %0.08
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 2.1

    LOW
    CVE-2022-32967

    RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and ser... Read more

    • EPSS Score: %0.06
    • Published: Nov. 29, 2022
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2008-1431

    RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key.... Read more

    Affected Products : firmware nas-4220-b
    • EPSS Score: %0.04
    • Published: Mar. 20, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2011-3570

    Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.... Read more

    Affected Products : communications_unified
    • EPSS Score: %0.07
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5705

    Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script ... Read more

    Affected Products : drupal hotblocks
    • EPSS Score: %0.23
    • Published: Nov. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3191

    Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Data Mover.... Read more

    Affected Products : peoplesoft_products
    • EPSS Score: %0.45
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1648

    Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal cool_aid
    • EPSS Score: %0.34
    • Published: Sep. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-4807

    IBM Lotus Connections 2.x before 2.0.1 stores the password for the administrative user in the trace.log file, which allows local users to obtain sensitive information by reading this file. NOTE: the provenance of this information is unknown; the details ... Read more

    Affected Products : lotus_connections
    • EPSS Score: %0.06
    • Published: Oct. 31, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-2708

    Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to i... Read more

    Affected Products : drupal hostmaster hostmaster
    • EPSS Score: %0.26
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3380

    Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.... Read more

    Affected Products : naxsi naxsi
    • EPSS Score: %0.17
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6108

    HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3277

    The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web... Read more

    Affected Products : player workstation
    • EPSS Score: %0.10
    • Published: Sep. 28, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2314

    Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors.... Read more

    • EPSS Score: %0.07
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-1604

    The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.... Read more

    Affected Products : rply rply
    • EPSS Score: %0.07
    • Published: Jan. 28, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-3976

    The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not prop... Read more

    • EPSS Score: %0.18
    • Published: Mar. 26, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291360 Results