Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-3054

    fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories wh... Read more

    Affected Products : php
    • EPSS Score: %0.57
    • Published: Sep. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-1933

    The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by... Read more

    Affected Products : pillow python_imaging_library
    • EPSS Score: %0.11
    • Published: Apr. 17, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-1526

    Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB... Read more

    Affected Products : x11r6
    • EPSS Score: %0.44
    • Published: May. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2292

    Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.... Read more

    Affected Products : jdeveloper
    • EPSS Score: %0.33
    • Published: Jul. 18, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1041

    The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.07
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-8834

    UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.06
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-2294

    Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card ... Read more

    Affected Products : forms
    • EPSS Score: %0.28
    • Published: Jul. 18, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-1768

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.64
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-6249

    etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by readi... Read more

    Affected Products : portage linux
    • EPSS Score: %0.07
    • Published: Dec. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-1152

    popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.... Read more

    Affected Products : qpopper qpopper
    • EPSS Score: %0.07
    • Published: May. 25, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-1355

    Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.... Read more

    Affected Products : simatic_step_7
    • EPSS Score: %0.06
    • Published: Feb. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-3654

    The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr... Read more

    Affected Products : netbsd
    • EPSS Score: %0.07
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-3800

    XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.... Read more

    Affected Products : xbmc
    • EPSS Score: %0.05
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-3721

    The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Supe... Read more

    Affected Products : freebsd
    • EPSS Score: %0.06
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-3099

    Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : systems_director
    • EPSS Score: %0.13
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8534

    Unspecified vulnerability in the login form in McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to cause a denial of service via a crafted value in the domain field.... Read more

    Affected Products : network_data_loss_prevention
    • EPSS Score: %0.05
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-2612

    Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prom... Read more

    Affected Products : client
    • EPSS Score: %0.08
    • Published: May. 26, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-1632

    Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML v... Read more

    Affected Products : drupal password_policy password_policy
    • EPSS Score: %0.18
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8526

    McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.... Read more

    Affected Products : network_data_loss_prevention
    • EPSS Score: %0.12
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-5538

    Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows remote authenticated users to inject arbitrary web script... Read more

    Affected Products : drupal filefield_sources
    • EPSS Score: %0.20
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 291717 Results