Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-6847

    The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this file.... Read more

    Affected Products : vplex_geosynchrony
    • EPSS Score: %0.06
    • Published: Nov. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-5513

    Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML ... Read more

    • EPSS Score: %0.21
    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1314

    The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances.... Read more

    Affected Products : mobile_banking
    • EPSS Score: %0.07
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4776

    IBM License Metric Tool 9 before 9.1.0.2 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.... Read more

    Affected Products : license_metric_tool
    • EPSS Score: %0.20
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0170

    IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data.... Read more

    Affected Products : security_siteprotector_system
    • EPSS Score: %0.05
    • Published: May. 25, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1933

    IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Managemen... Read more

    • EPSS Score: %0.08
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2027

    IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : websphere_extreme_scale
    • EPSS Score: %0.14
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0988

    Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.... Read more

    Affected Products : cx-programmer
    • EPSS Score: %0.06
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2017-2752

    A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a re... Read more

    Affected Products : tommy_hilfiger_th24\/7
    • EPSS Score: %0.11
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2015-5742

    VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.... Read more

    • EPSS Score: %0.05
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-4077

    The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.... Read more

    Affected Products : forticlient
    • EPSS Score: %0.56
    • Published: Sep. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2111

    Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors.... Read more

    • EPSS Score: %0.14
    • Published: Apr. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-1334

    Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.... Read more

    Affected Products : linux_kernel linux fedora_core
    • EPSS Score: %0.06
    • Published: Dec. 15, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1795

    Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.... Read more

    Affected Products : surfnet
    • EPSS Score: %0.06
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-7129

    ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.... Read more

    Affected Products : blackice_pc_protection
    • EPSS Score: %0.21
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-0625

    reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.... Read more

    Affected Products : reportbug
    • EPSS Score: %0.08
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0795

    The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.10
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2258

    Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.... Read more

    Affected Products : exceed
    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1565

    Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.... Read more

    Affected Products : mac_os_x
    • EPSS Score: %0.18
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2555

    Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they k... Read more

    Affected Products : foolproof_security
    • EPSS Score: %0.18
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291824 Results