Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2011-2286

    Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote authenticated users to affect availability, related to ZFS.... Read more

    Affected Products : solaris
    • EPSS Score: %0.36
    • Published: Oct. 18, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-4271

    Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE:... Read more

    Affected Products : db2_universal_database
    • EPSS Score: %0.05
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-0245

    The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendl... Read more

    Affected Products : drupal
    • EPSS Score: %0.38
    • Published: Jul. 16, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0959

    Remote Login Service (RLS) 1.0.0 does not properly clear account information when switching users, which might allow physically proximate users to obtain login credentials.... Read more

    Affected Products : remote_login_service
    • EPSS Score: %0.07
    • Published: Nov. 24, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5516

    Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via... Read more

    • EPSS Score: %0.07
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-3602

    Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.... Read more

    Affected Products : openshift openshift
    • EPSS Score: %0.11
    • Published: Nov. 13, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-0750

    pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.... Read more

    Affected Products : policykit
    • EPSS Score: %0.08
    • Published: Apr. 06, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-3077

    IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.... Read more

    • EPSS Score: %0.05
    • Published: Sep. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-6115

    The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain... Read more

    Affected Products : enterprise_virtualization_manager
    • EPSS Score: %0.06
    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-5605

    Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.... Read more

    • EPSS Score: %0.08
    • Published: Jan. 04, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8135

    The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "vi... Read more

    Affected Products : libvirt
    • EPSS Score: %0.16
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-5162

    Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.06
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1004

    Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationNam... Read more

    Affected Products : foswiki
    • EPSS Score: %0.26
    • Published: Feb. 08, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0266

    manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the ... Read more

    Affected Products : folsom essex
    • EPSS Score: %0.04
    • Published: Mar. 08, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1149

    probers/udisks-dm-export.c in udisks before 1.0.1 exports UDISKS_DM_TARGETS_PARAMS information to udev even for a crypt UDISKS_DM_TARGETS_TYPE, which allows local users to discover encryption keys by (1) running a certain udevadm command or (2) reading a ... Read more

    Affected Products : udisks
    • EPSS Score: %0.04
    • Published: Apr. 12, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1828

    usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.... Read more

    Affected Products : usb-creator
    • EPSS Score: %0.06
    • Published: May. 16, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0218

    The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and th... Read more

    • EPSS Score: %0.07
    • Published: Feb. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-5297

    WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic c... Read more

    Affected Products : wordpress
    • EPSS Score: %0.27
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-4656

    backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its a... Read more

    Affected Products : backup_manager
    • EPSS Score: %0.07
    • Published: Sep. 04, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-0348

    thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : fedora opensuse thttpd linux sthttpd
    • EPSS Score: %0.05
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291638 Results