Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2002-2028

    The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify if a domain account has already been locked when a valid password is provided, which makes it easier for users with physical access to conduct brute force password guessing.... Read more

    Affected Products : windows_2000 windows_xp windows_nt
    • EPSS Score: %0.81
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-1657

    Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.... Read more

    Affected Products : drupal block_class
    • EPSS Score: %0.26
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-6147

    IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors.... Read more

    Affected Products : flex_system_manager
    • EPSS Score: %0.13
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4747

    The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows physically proximate attackers to discover a meeting password hash by leveraging access to an unattended workstation to read HTML source code within a victim's browser.... Read more

    Affected Products : sametime sametime_meeting_server
    • EPSS Score: %0.06
    • Published: Jul. 26, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2072

    Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal addtoany
    • EPSS Score: %0.34
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-0797

    Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.17
    • Published: Apr. 20, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5231

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.... Read more

    • EPSS Score: %0.06
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2076

    Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : drupal sharethis
    • EPSS Score: %0.26
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2020-16237

    Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.... Read more

    • EPSS Score: %0.06
    • Published: Aug. 21, 2020
    • Modified: Jun. 04, 2025

  • 2.1

    LOW
    CVE-2011-1822

    The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitive information by reading this log.... Read more

    Affected Products : tivoli_directory_server
    • EPSS Score: %0.05
    • Published: Apr. 21, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-5724

    Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.... Read more

    Affected Products : icq
    • EPSS Score: %0.17
    • Published: Nov. 04, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-1660

    Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the cr... Read more

    Affected Products : drupal webform webform
    • EPSS Score: %0.46
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2224

    The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by exam... Read more

    • EPSS Score: %0.07
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0265

    The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log.... Read more

    Affected Products : xnbd
    • EPSS Score: %0.07
    • Published: Feb. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-0584

    The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings.... Read more

    Affected Products : peopletools
    • EPSS Score: %0.07
    • Published: Feb. 08, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-1970

    muCommander before 0.8.2 stores credentials.xml with insecure permissions, which allows local users to obtain credentials.... Read more

    Affected Products : mucommander
    • EPSS Score: %0.05
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-2158

    Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3)... Read more

    Affected Products : drupal storm
    • EPSS Score: %0.16
    • Published: Jun. 07, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-6191

    Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a hardcoded password, which might allow local users to decrypt certain .bin files. NOTE: it is not clear whether this issue crosses privilege boundaries.... Read more

    Affected Products : swimage_encore
    • EPSS Score: %0.10
    • Published: Feb. 19, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2009-1292

    UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process.... Read more

    Affected Products : aix rational_clearcase unix
    • EPSS Score: %0.05
    • Published: Apr. 14, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3902

    HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this bu... Read more

    Affected Products : 68dtt
    • EPSS Score: %0.11
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291219 Results