Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-3201

    Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.... Read more

    Affected Products : thermostat
    • EPSS Score: %0.05
    • Published: Jun. 08, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-5351

    The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging... Read more

    Affected Products : kerberos_5 kerberos
    • EPSS Score: %0.29
    • Published: Oct. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2001-0568

    Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.... Read more

    Affected Products : zope
    • EPSS Score: %0.11
    • Published: Aug. 22, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-0883

    Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager.  The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, 9.72, 9.80.... Read more

    Affected Products :
    • Published: Mar. 12, 2025
    • Modified: Mar. 12, 2025
    • Vuln Type: Information Disclosure

  • 2.1

    LOW
    CVE-2006-2036

    iOpus Secure Email Attachments (SEA), probably 1.0, does not properly handle passwords that consist of repetitions of a substring, which allows attackers to decrypt files by entering only the substring.... Read more

    Affected Products : secure_email_attachments
    • EPSS Score: %0.09
    • Published: Apr. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-0947

    EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) configuration file.... Read more

    Affected Products : authentication_manager
    • EPSS Score: %0.05
    • Published: Jun. 07, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1787

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal corporate
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-6181

    EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.... Read more

    Affected Products : watch4net
    • EPSS Score: %0.14
    • Published: Dec. 28, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-0085

    JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source ... Read more

    Affected Products : jboss_fuse jboss_a-mq
    • EPSS Score: %0.14
    • Published: Apr. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4140

    Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal tinybox
    • EPSS Score: %0.35
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-1578

    EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection.... Read more

    Affected Products : encase
    • EPSS Score: %0.07
    • Published: May. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-4383

    Cross-site scripting (XSS) vulnerability in the jQuery Countdown module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal jquery_countdown
    • EPSS Score: %0.21
    • Published: Jan. 31, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8536

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.... Read more

    Affected Products : network_data_loss_prevention
    • EPSS Score: %0.06
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9191

    The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 m... Read more

    Affected Products : hart_device_type_manager
    • EPSS Score: %0.10
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-5964

    Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.... Read more

    Affected Products : drupal flag_module
    • EPSS Score: %0.23
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0260

    Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.... Read more

    Affected Products : drupal drush_debian_packaging
    • EPSS Score: %0.06
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-2715

    Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name.... Read more

    Affected Products : drupal search_api
    • EPSS Score: %0.25
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1778

    Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons.... Read more

    Affected Products : drupal creative
    • EPSS Score: %0.20
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-1604

    The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.... Read more

    Affected Products : rply rply
    • EPSS Score: %0.07
    • Published: Jan. 28, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-9568

    puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.... Read more

    Affected Products : rabbitmq
    • EPSS Score: %0.13
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 291641 Results