Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-2765

    The user interface in the Windows Firewall does not properly display certain malformed entries in the Windows Registry, which makes it easier for attackers with administrator privileges to hide activities if the administrator only uses the Windows Firewal... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Sep. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-3361

    Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : linkit linkit
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-1405

    HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.... Read more

    Affected Products : lotus_notes
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-4820

    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.... Read more

    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-1353

    The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function acce... Read more

    Affected Products : linux_kernel
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2023-22473

    Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Jan. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2000-0309

    The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.... Read more

    Affected Products : openbsd
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1503

    The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-1786

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal company
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-2563

    Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.... Read more

    Affected Products : mambo_cms
    • Published: Jun. 09, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1393

    Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal curvycorners
    • Published: Jun. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-9568

    puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.... Read more

    Affected Products : rabbitmq
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-3586

    The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive inf... Read more

    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-3889

    Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowd... Read more

    Affected Products : linux_kernel postfix
    • Published: Sep. 12, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-2038

    The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Feb. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-4269

    The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for... Read more

    Affected Products : derby
    • Published: Aug. 16, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1599

    The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.... Read more

    Affected Products : spcanywhere
    • Published: Mar. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0397

    Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.... Read more

    Affected Products : sunos solaris
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-2040

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated use... Read more

    Affected Products : media_file_renamer
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4499

    The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293437 Results