Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-1632

    Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML v... Read more

    Affected Products : drupal password_policy password_policy
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1768

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-... Read more

    Affected Products : fusion_middleware
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2082

    Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature.... Read more

    Affected Products : ctools
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0863

    Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.... Read more

    Affected Products : mumble
    • Published: Apr. 30, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1986

    Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary... Read more

    • Published: May. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-1127

    The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensitive information by reading index entries.... Read more

    Affected Products : safari
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-3156

    Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTM... Read more

    Affected Products : drupal date
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-1658

    Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal ed_readmore
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2072

    Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal addtoany
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-0657

    Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 11, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1060

    Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitra... Read more

    Affected Products : drupal revisioning
    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1644

    The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.... Read more

    Affected Products : drupal og_vocab
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-1657

    Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.... Read more

    Affected Products : drupal block_class
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2024-53698

    A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in... Read more

    Affected Products : quts_hero qts
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 2.1

    LOW
    CVE-2024-53697

    An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed ... Read more

    Affected Products : quts_hero qts
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 2.1

    LOW
    CVE-2024-53699

    An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory. We have already fixed ... Read more

    Affected Products : quts_hero qts
    • Published: Mar. 07, 2025
    • Modified: Mar. 07, 2025
    • Vuln Type: Memory Corruption

  • 2.1

    LOW
    CVE-2005-4783

    kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.... Read more

    Affected Products : netbsd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-1943

    The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a... Read more

    Affected Products : fedora networkmanager
    • Published: Jun. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-0197

    App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 24, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1170

    net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially se... Read more

    Affected Products : linux_kernel
    • Published: Jun. 22, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293508 Results