Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2006-4186

    The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : edirectory
    • EPSS Score: %0.06
    • Published: Aug. 17, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-1146

    Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.... Read more

    Affected Products : mantrap
    • EPSS Score: %0.08
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0087

    bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : lotus_domino domino
    • EPSS Score: %0.12
    • Published: Mar. 15, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-1995

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author paramete... Read more

    Affected Products : tomatocms
    • EPSS Score: %0.34
    • Published: May. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-1364

    Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.... Read more

    Affected Products : windows_nt
    • EPSS Score: %0.37
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1269

    Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.... Read more

    Affected Products : kde_beta_3
    • EPSS Score: %0.11
    • Published: Feb. 06, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-1233

    The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.... Read more

    Affected Products : paratrooper-pingdom
    • EPSS Score: %0.07
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-0427

    Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.08
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0384

    ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.... Read more

    Affected Products : reliant_unix
    • EPSS Score: %0.13
    • Published: Jul. 02, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0547

    Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).... Read more

    Affected Products : isa_server
    • EPSS Score: %0.52
    • Published: Sep. 20, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1895

    YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.... Read more

    Affected Products : suse_linux
    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-5806

    SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving f... Read more

    Affected Products : secure_desktop
    • EPSS Score: %0.09
    • Published: Nov. 08, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-0917

    Melange Chat Server (aka M-Chat), when accessed via a web browser, automatically sends cookies and other sensitive information for a server to any port specified in the associated link, which allows local users on that server to read the cookies from HTTP... Read more

    Affected Products : melange_chat_system
    • EPSS Score: %0.08
    • Published: Feb. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-5037

    Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.... Read more

    Affected Products : eucalyptus
    • EPSS Score: %0.06
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-3654

    The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr... Read more

    Affected Products : netbsd
    • EPSS Score: %0.07
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-5056

    Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then... Read more

    Affected Products : otrs
    • EPSS Score: %0.16
    • Published: Mar. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4498

    The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authentica... Read more

    Affected Products : drupal spaces
    • EPSS Score: %0.20
    • Published: May. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-2403

    Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • EPSS Score: %0.17
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0387

    The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.... Read more

    Affected Products : golddig
    • EPSS Score: %0.11
    • Published: May. 09, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-0800

    The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by acc... Read more

    Affected Products : moodle
    • EPSS Score: %0.07
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291398 Results