Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2011-5188

    Cross-site scripting (XSS) vulnerability in the Support Timer module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "track time spent" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal support_timer
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2076

    Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : drupal sharethis
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2071

    Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web ... Read more

    Affected Products : drupal contact_forms
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3221

    Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the Oct... Read more

    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0346

    Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any ... Read more

    Affected Products : tomcat
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3214

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.... Read more

    Affected Products : fusion_middleware
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1586

    mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message.... Read more

    Affected Products : cifs-utils
    • Published: Aug. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3205

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server.... Read more

    Affected Products : sunos solaris
    • Published: Oct. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2743

    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitiv... Read more

    Affected Products : websphere_application_server
    • Published: Sep. 21, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-1767

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2672

    Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.... Read more

    Affected Products : mojarra
    • Published: Jun. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0345

    varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party... Read more

    Affected Products : varnish_cache
    • Published: May. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-5690

    The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions... Read more

    Affected Products : solaris opensolaris
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-2760

    mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.... Read more

    Affected Products : mod_auth_openid
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2075

    Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal contact_save
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2072

    Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal addtoany
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3866

    lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master serv... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1717

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors... Read more

    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2726

    Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer protest" permission to inject arbitrary web script or HTML via the protest_bo... Read more

    Affected Products : drupal protest
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6536

    net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NE... Read more

    Affected Products : linux_kernel
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293335 Results