Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-1999-1439

    gcc 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary .i, .s, or .o files.... Read more

    Affected Products : gcc
    • Published: Jan. 02, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-1362

    Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page.... Read more

    Affected Products : drupal ownterm
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4380

    Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer mediafront" permission to inject arbitrary web s... Read more

    Affected Products : drupal mediafront
    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-0265

    The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log.... Read more

    Affected Products : xnbd
    • Published: Feb. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-0114

    vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort funct... Read more

    • Published: Feb. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3620

    The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to ... Read more

    Affected Products : esx
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0456

    NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".... Read more

    Affected Products : netbsd
    • Published: May. 28, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1782

    Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ... Read more

    Affected Products : solaris sunos
    • Published: Apr. 13, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0269

    Emacs 20 does not properly set permissions for a slave PTY device when starting a new subprocess, which allows local users to read or modify communications between Emacs and the subprocess.... Read more

    Affected Products : emacs
    • Published: Apr. 18, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1587

    NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file.... Read more

    Affected Products : netbsd
    • Published: Apr. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1441

    Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it.... Read more

    Affected Products : linux_kernel
    • Published: Jun. 30, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1588

    The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.... Read more

    Affected Products : netbsd
    • Published: Apr. 03, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-43753

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2025-53535

    Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-lin... Read more

    Affected Products : better_auth
    • Published: Jul. 07, 2025
    • Modified: Jul. 08, 2025
    • Vuln Type: Authentication

  • 2.1

    LOW
    CVE-2015-4865

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6109

    The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6252

    The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3291

    arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issui... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2576

    Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation.... Read more

    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4140

    Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal tinybox
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293611 Results