Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2010-1487

    IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.... Read more

    Affected Products : lotus_notes notes
    • EPSS Score: %0.06
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-7368

    Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.06
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-0797

    Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.17
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-6147

    IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors.... Read more

    Affected Products : flex_system_manager
    • EPSS Score: %0.13
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-1657

    Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.... Read more

    Affected Products : drupal block_class
    • EPSS Score: %0.26
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2076

    Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : drupal sharethis
    • EPSS Score: %0.26
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1660

    Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the cr... Read more

    Affected Products : drupal webform webform
    • EPSS Score: %0.46
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2072

    Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal addtoany
    • EPSS Score: %0.34
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4138

    Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any article type content" permission to inject arbitrary web scri... Read more

    Affected Products : drupal hatch
    • EPSS Score: %0.21
    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-1808

    Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : metamail
    • EPSS Score: %0.07
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-5146

    The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files.... Read more

    • EPSS Score: %0.06
    • Published: Aug. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1781

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal professional_theme
    • EPSS Score: %0.23
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1584

    Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.... Read more

    Affected Products : drupal context
    • EPSS Score: %0.45
    • Published: May. 19, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6648

    gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-... Read more

    Affected Products : ubuntu_linux gdm-guest-session
    • EPSS Score: %0.06
    • Published: May. 22, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1887

    Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields.... Read more

    Affected Products : drupal views
    • EPSS Score: %0.28
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2241

    The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and ... Read more

    Affected Products : directory_server
    • EPSS Score: %0.05
    • Published: Aug. 17, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-4557

    Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated u... Read more

    Affected Products : drupal img_assist
    • EPSS Score: %0.23
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-4216

    The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permission... Read more

    Affected Products : wimax_network_service
    • EPSS Score: %0.04
    • Published: Aug. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-3787

    kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.... Read more

    Affected Products : personal_firewall
    • EPSS Score: %0.22
    • Published: Jul. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1273

    The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, when running on certain Intel CPUs, allows local users to cause a denial of service (system halt).... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.05
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 291617 Results