Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2016-3888

    internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2001-1405

    Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, which allows local users to cause a denial of service (CPU consumption) via a flood of requests to sanitycheck.cgi.... Read more

    Affected Products : bugzilla
    • EPSS Score: %0.06
    • Published: Sep. 10, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4690

    Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can ... Read more

    Affected Products : movable_type
    • EPSS Score: %0.08
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0172

    /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).... Read more

    Affected Products : irix
    • EPSS Score: %0.22
    • Published: May. 16, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0921

    Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.... Read more

    Affected Products : communicator
    • EPSS Score: %0.12
    • Published: Nov. 21, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1808

    Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : metamail
    • EPSS Score: %0.07
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1204

    FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.... Read more

    Affected Products : fluxbot
    • EPSS Score: %0.06
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-2126

    restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.07
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-2299

    The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal stores passwords for new customers in plaintext during checkout, which allows local users to obtain sensitive information by reading from the database.... Read more

    Affected Products : drupal ubercart
    • EPSS Score: %0.08
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-5204

    Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be le... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.48
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-1944

    xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp.... Read more

    Affected Products : xmysqladmin
    • EPSS Score: %0.07
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0618

    FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.23
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1246

    NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2321

    BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.03
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-4899

    WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file.... Read more

    Affected Products : kingview
    • EPSS Score: %0.06
    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-1194

    Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows... Read more

    Affected Products : norman_sandbox_analyzer
    • EPSS Score: %0.07
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-0481

    The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.05
    • Published: Feb. 23, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1578

    Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.... Read more

    Affected Products : openserver
    • EPSS Score: %0.08
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-3899

    TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this ... Read more

    Affected Products : truecrypt
    • EPSS Score: %0.06
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-3696

    filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe.... Read more

    Affected Products : outpost_firewall
    • EPSS Score: %0.30
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291358 Results