Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2001-1302

    The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a prob... Read more

    Affected Products : windows_2000
    • EPSS Score: %0.72
    • Published: Jul. 18, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-4702

    The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.... Read more

    Affected Products : nagios
    • EPSS Score: %0.11
    • Published: Dec. 05, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-6501

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.... Read more

    Affected Products : sunos solaris
    • EPSS Score: %0.06
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9731

    The UDF filesystem implementation in the Linux kernel before 3.18.2 does not ensure that space is available for storing a symlink target's name along with a trailing \0 character, which allows local users to obtain sensitive information via a crafted file... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-3818

    The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.... Read more

    Affected Products : revelation
    • EPSS Score: %0.06
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6648

    gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-... Read more

    Affected Products : ubuntu_linux gdm-guest-session
    • EPSS Score: %0.06
    • Published: May. 22, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-1808

    Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : metamail
    • EPSS Score: %0.07
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-0732

    The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.... Read more

    Affected Products : suse_linux geronimo
    • EPSS Score: %0.05
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-4615

    EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    • EPSS Score: %0.04
    • Published: Nov. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-5915

    An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up... Read more

    Affected Products : chrome
    • EPSS Score: %0.52
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-4216

    The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permission... Read more

    Affected Products : wimax_network_service
    • EPSS Score: %0.04
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-4557

    Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated u... Read more

    Affected Products : drupal img_assist
    • EPSS Score: %0.23
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2004-0618

    FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.23
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-2241

    The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and ... Read more

    Affected Products : directory_server
    • EPSS Score: %0.05
    • Published: Aug. 17, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-1246

    NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4690

    Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can ... Read more

    Affected Products : movable_type
    • EPSS Score: %0.08
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-5912

    An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a ... Read more

    Affected Products : internet_explorer
    • EPSS Score: %17.14
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-1781

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal professional_theme
    • EPSS Score: %0.23
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4138

    Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web scri... Read more

    Affected Products : drupal hatch
    • EPSS Score: %0.21
    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-1449

    SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device.... Read more

    Affected Products : sunos
    • EPSS Score: %0.05
    • Published: May. 19, 1997
    • Modified: Apr. 03, 2025
Showing 20 of 291593 Results