Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 2.1

    LOW
    CVE-2004-2136

    dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: Feb. 19, 2004
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2010-1958

    Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitra... Read more

    Affected Products : drupal filefield
    • EPSS Score: %0.25
    • Published: Jun. 21, 2010
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2007-6744

    Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified ... Read more

    Affected Products : installshield
    • EPSS Score: %0.06
    • Published: Jan. 19, 2012
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2012-6583

    Cross-site scripting (XSS) vulnerability in the Imagemenu module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer imagemenu" permission to inject arbitrary web script or HTML via an image file name.... Read more

    Affected Products : drupal imagemenu
    • EPSS Score: %0.34
    • Published: Aug. 23, 2013
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2007-3379

    Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.... Read more

    Affected Products : enterprise_linux linux
    • EPSS Score: %0.06
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2007-5790

    The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.... Read more

    Affected Products : globe7
    • EPSS Score: %0.07
    • Published: Nov. 01, 2007
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2013-1956

    The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions vi... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.03
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2009-2031

    smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.... Read more

    Affected Products : opensolaris
    • EPSS Score: %0.05
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2012-2075

    Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal contact_save
    • EPSS Score: %0.34
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2005-2991

    ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.... Read more

    Affected Products : ncompress
    • EPSS Score: %0.09
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2014-3426

    NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID.... Read more

    Affected Products : ncsa_mosaic
    • EPSS Score: %0.05
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025
  • 2.1

    LOW
    CVE-2006-4537

    NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : dec_openvms_alpha
    • EPSS Score: %0.07
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2005-4175

    Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.... Read more

    Affected Products : insyde_bios
    • EPSS Score: %0.13
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2013-5440

    IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.... Read more

    Affected Products : infosphere_information_server
    • EPSS Score: %0.05
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025
  • 2.1

    LOW
    CVE-2007-1448

    The Tape Engine in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to cause a denial of service (disabled interface) by calling an unspecified RPC function.... Read more

    • EPSS Score: %1.35
    • Published: Mar. 16, 2007
    • Modified: Apr. 09, 2025
  • 2.1

    LOW
    CVE-2000-0679

    The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.... Read more

    Affected Products : cvs
    • EPSS Score: %0.38
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2001-0071

    gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.... Read more

    Affected Products : privacy_guard
    • EPSS Score: %0.14
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2000-0866

    Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.... Read more

    Affected Products : interbase_superserver
    • EPSS Score: %0.07
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2004-0207

    "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions... Read more

    • EPSS Score: %1.59
    • Published: Nov. 03, 2004
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2006-2334

    The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be... Read more

    Affected Products : windows_2000 windows_xp
    • EPSS Score: %3.43
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 291541 Results