Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2008-3898

    Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations ... Read more

    Affected Products : drivecrypt_plus_pack
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-6267

    Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.... Read more

    • Published: Dec. 07, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-1648

    Cross-site scripting (XSS) vulnerability in the Cool Aid module before 6.x-1.9 for Drupal allows remote authenticated users with the administer coolaid permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal cool_aid
    • Published: Sep. 09, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-1072

    Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).... Read more

    Affected Products : solaris sunos
    • Published: Apr. 28, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0957

    MajorCool mj_key_cache program allows local users to modify files via a symlink attack.... Read more

    Affected Products : majorcool
    • Published: Jun. 18, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-7207

    RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.... Read more

    Affected Products : rivettracker
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-3380

    Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.... Read more

    Affected Products : naxsi naxsi
    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-2283

    WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file.... Read more

    Affected Products : webeoc
    • Published: Jul. 18, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0327

    SGI syserr program allows local users to corrupt files.... Read more

    Affected Products : irix
    • Published: Nov. 01, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-6674

    Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.... Read more

    Affected Products : http-sms_gateway
    • Published: Dec. 21, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2000-0829

    The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.... Read more

    Affected Products : linux tmpwatch
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0873

    netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.... Read more

    Affected Products : aix
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-6657

    The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.... Read more

    Affected Products : netbsd
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2010-1294

    Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows local users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : coldfusion
    • Published: May. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2975

    Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 does not properly handle multiple SSH sessions, which allows physically proximate attackers to read a password, related to an "arrow key failure," aka Bug ID CSCtg51544.... Read more

    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2001-1092

    msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file.... Read more

    Affected Products : tru64
    • Published: Sep. 10, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1000

    rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file.... Read more

    Affected Products : aaa_radius_server
    • Published: Sep. 07, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-1143

    Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.... Read more

    Affected Products : mantrap
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1059

    Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.... Read more

    Affected Products : wet11
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0052

    IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.... Read more

    Affected Products : db2_universal_database
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 293496 Results