Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2001-0261

    Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.... Read more

    Affected Products : windows_2000
    • Published: Jun. 02, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0170

    glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.... Read more

    Affected Products : debian_linux linux linux immunix
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1439

    gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.... Read more

    Affected Products : gcc
    • Published: Jan. 02, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1023

    Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, in... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1748

    NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.... Read more

    Affected Products : regmon
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2024-37046

    A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensit... Read more

    Affected Products : quts_hero qts
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024

  • 2.1

    LOW
    CVE-2025-47929

    DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2014-4835

    IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.... Read more

    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-5545

    Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis module 7.x-2.x before 7.x-2.5 for Drupal allow remote authenticated users with the "administer sharethis" permission to inject arbitrary web script or HTML via unspecified vectors relate... Read more

    Affected Products : drupal sharethis
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8519

    Unspecified vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to read arbitrary files via unknown vectors.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2025-43753

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2006-2205

    The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device.... Read more

    Affected Products : netbsd
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-2166

    Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for a... Read more

    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4537

    NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : dec_openvms_alpha
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-0580

    Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering.... Read more

    Affected Products : lsrunase supercrypt
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-5440

    IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.... Read more

    Affected Products : infosphere_information_server
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-5189

    Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via ... Read more

    Affected Products : drupal webform_validation
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-22272

    In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required ... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2014-8518

    The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x... Read more

    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-0136

    powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process.... Read more

    Affected Products : powervc
    • Published: Mar. 24, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293633 Results