Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-1785

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vector... Read more

    Affected Products : drupal responsive
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-0384

    Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in op... Read more

    Affected Products : tor tor
    • Published: Jan. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1650

    Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations.... Read more

    Affected Products : open-xchange_server
    • Published: Sep. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-2027

    IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3851

    usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file.... Read more

    Affected Products : pyplate
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1971

    Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file.... Read more

    Affected Products : drupal mp3_player
    • Published: Jun. 25, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0260

    Unspecified vulnerability in the Drush Debian Packaging module for Drupal allows local users to obtain database credentials via unknown vectors.... Read more

    Affected Products : drupal drush_debian_packaging
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2708

    Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to i... Read more

    Affected Products : drupal hostmaster hostmaster
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1303

    Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbit... Read more

    Affected Products : drupal taxonomy_filter
    • Published: Apr. 08, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-6752

    Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject ar... Read more

    Affected Products : search_api_autocomplete
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-6181

    EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges.... Read more

    Affected Products : watch4net
    • Published: Dec. 28, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5964

    Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title.... Read more

    Affected Products : drupal flag_module
    • Published: Sep. 30, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-6746

    Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this identifier was SPLIT from CVE-2015-0942 per ADT2 d... Read more

    Affected Products : banking
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4452

    Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.... Read more

    Affected Products : jboss_operations_network
    • Published: Dec. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8536

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading unspecified error messages.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-9191

    The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 m... Read more

    Affected Products : hart_device_type_manager
    • Published: Jan. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6557

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before ... Read more

    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-0548

    Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers XCP 1110 and earlier allows local users to affect confidentiality, related to XSCF Control Package (XCP).... Read more

    • Published: May. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-7292

    Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different v... Read more

    Affected Products : windows bugzilla
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5456

    Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbitrary web script or HTML via vectors related to the conf... Read more

    Affected Products : social_stats
    • Published: Aug. 25, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 293360 Results