Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-6754

    Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or... Read more

    Affected Products : path_breadcrumbs
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-1487

    IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.... Read more

    Affected Products : lotus_notes notes
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-5202

    BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe.... Read more

    Affected Products : wincdemu
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1358

    Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : drupal bibliography
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5440

    IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.... Read more

    Affected Products : infosphere_information_server
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-1738

    Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function.... Read more

    Affected Products : rising_antivirus
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-7020

    McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memo... Read more

    Affected Products : safeboot_device_encryption
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-7368

    Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.... Read more

    Affected Products : revive_adserver
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6375

    The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010.... Read more

    Affected Products : ios
    • Published: Nov. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-5008

    Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.... Read more

    Affected Products : secure_desktop
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1123

    Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail) by creating lockfiles for arbitrary mailboxes.... Read more

    Affected Products : deliver
    • Published: Mar. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1530

    Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1)... Read more

    Affected Products : drupal i18n
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-0580

    Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.... Read more

    Affected Products : lsrunase supercrypt
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-1902

    fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 improperly handles pointer overflow when folding a certain expr comparison to a corresponding offset comparison in cases other than EQ_EXPR and NE_EXPR, which might introduce buffer overflow... Read more

    Affected Products : gcc
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-22272

    In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required ... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2014-3099

    Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : systems_director
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-4474

    Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269.... Read more

    Affected Products : jre jdk
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-2334

    The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be... Read more

    Affected Products : windows_2000 windows_xp
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-41000

    Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the b... Read more

    Affected Products :
    • Published: Sep. 03, 2025
    • Modified: Sep. 04, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2025-58352

    Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. Th... Read more

    Affected Products : weblate
    • Published: Sep. 05, 2025
    • Modified: Sep. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 292797 Results