Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2004-0968

    The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.... Read more

    • EPSS Score: %0.07
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-4910

    Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.... Read more

    Affected Products : enterprise_linux mysql
    • EPSS Score: %0.51
    • Published: Oct. 22, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-2574

    Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.... Read more

    Affected Products : solaris
    • EPSS Score: %0.16
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-2991

    ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.... Read more

    Affected Products : ncompress
    • EPSS Score: %0.09
    • Published: Sep. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4537

    NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.... Read more

    Affected Products : dec_openvms_alpha
    • EPSS Score: %0.07
    • Published: Sep. 05, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2025-22272

    In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required ... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2004-2400

    WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.... Read more

    Affected Products : winftp_server
    • EPSS Score: %0.08
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3878

    Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql.... Read more

    Affected Products : network_automation_system
    • EPSS Score: %0.06
    • Published: Jul. 27, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2605

    aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.... Read more

    Affected Products : astats
    • EPSS Score: %0.10
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-5380

    IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : maximo_asset_management
    • EPSS Score: %0.06
    • Published: Oct. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-7368

    Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.06
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-2684

    Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\temp... Read more

    Affected Products : cache_database
    • EPSS Score: %0.06
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-5440

    IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.... Read more

    Affected Products : infosphere_information_server
    • EPSS Score: %0.05
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-2337

    The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.... Read more

    Affected Products : inlook
    • EPSS Score: %0.06
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-6754

    Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path Breadcrumbs" permission to inject arbitrary web script or... Read more

    Affected Products : path_breadcrumbs
    • EPSS Score: %0.18
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-1487

    IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.... Read more

    Affected Products : lotus_notes notes
    • EPSS Score: %0.06
    • Published: Apr. 20, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-2711

    Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy List module 6.x-1.x before 6.x-1.4 for Drupal allow remote authenticated users with create or edit taxonomy terms permissions to inject arbitrary web script or HTML via vectors related to... Read more

    Affected Products : drupal taxonomy_list
    • EPSS Score: %0.28
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0605

    Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.... Read more

    Affected Products : courseinfo
    • EPSS Score: %0.13
    • Published: Jul. 10, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2868

    ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords.... Read more

    Affected Products : ziptorrent
    • EPSS Score: %0.13
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2785

    cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information.... Read more

    Affected Products : cosmoshop
    • EPSS Score: %0.07
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291615 Results