Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2011-5204

    Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.... Read more

    Affected Products : webboard
    • EPSS Score: %0.37
    • Published: Oct. 04, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2002-1785

    Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi.... Read more

    Affected Products : zeus_web_server
    • EPSS Score: %0.16
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2011-5119

    Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.... Read more

    Affected Products : comodo_internet_security
    • EPSS Score: %0.04
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2015-1901

    The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands.... Read more

    Affected Products : infosphere_information_server
    • EPSS Score: %0.06
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2010-2027

    Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.... Read more

    Affected Products : linux_kernel mathematica
    • EPSS Score: %0.03
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2023-20512

    A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Oct. 30, 2024

  • 1.9

    LOW
    CVE-2007-0823

    xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information... Read more

    Affected Products : slackware_linux
    • EPSS Score: %0.05
    • Published: Feb. 07, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2011-4105

    LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.... Read more

    Affected Products : lightdm
    • EPSS Score: %0.05
    • Published: Feb. 17, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2013-4425

    The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtain the private key.... Read more

    Affected Products : osirix osirix_md
    • EPSS Score: %0.06
    • Published: Nov. 18, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-4230

    The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by readi... Read more

    Affected Products : iphone_os ipod_touch
    • EPSS Score: %0.07
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2003-1447

    IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.04
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2003-1399

    eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.... Read more

    Affected Products : eject
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2014-9415

    Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file.... Read more

    Affected Products : espace_desktop
    • EPSS Score: %0.11
    • Published: Dec. 24, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-3876

    Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a ... Read more

    Affected Products : iphone
    • EPSS Score: %0.06
    • Published: Sep. 02, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2009-5117

    The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files.... Read more

    Affected Products : host_data_loss_prevention
    • EPSS Score: %0.06
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2008-2143

    Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.... Read more

    Affected Products : outlook_web_access
    • EPSS Score: %0.46
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-0700

    The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly store credentials, which allows local users to bypass intended access restrictions via unspecified vectors.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-1073

    crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files v... Read more

    Affected Products : freebsd mac_os_x
    • EPSS Score: %0.02
    • Published: Mar. 04, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-0437

    The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file.... Read more

    • EPSS Score: %0.06
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2014-6146

    IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.06
    • Published: Nov. 08, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291222 Results