Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2014-1831

    Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.... Read more

    Affected Products : passenger
    • Published: Feb. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-3298

    The hso_get_count function in drivers/net/usb/hso.c in the Linux kernel before 2.6.36-rc5 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICO... Read more

    • Published: Sep. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6116

    modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.... Read more

    Affected Products : katello katello-configure
    • Published: Mar. 01, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4537

    Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion f... Read more

    Affected Products : xen
    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3866

    lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master serv... Read more

    Affected Products : puppet_enterprise puppet puppet
    • Published: Aug. 06, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0370

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0218

    The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and th... Read more

    • Published: Feb. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4064

    Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTH... Read more

    Affected Products : lotus_inotes lotus_domino
    • Published: Dec. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-4835

    IBM ServerGuide before 9.63, UpdateXpress System Packs Installer (UXSPI) before 9.63, and ToolsCenter Suite before 9.63 place credentials in logs, which allows local users to obtain sensitive information by reading a file.... Read more

    • Published: Jan. 17, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-2690

    Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.... Read more

    Affected Products : vdi-in-a-box
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2021-2141

    Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker wi... Read more

    Affected Products : flexcube_direct_banking
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2025-47929

    DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into... Read more

    Affected Products :
    • Published: May. 15, 2025
    • Modified: May. 16, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2001-0544

    IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.... Read more

    Affected Products : internet_information_services
    • Published: Oct. 30, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0417

    Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files.... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Jun. 27, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-0002

    The /etc/profile.d/60alias.sh script in the Mandriva bash package for Bash 2.05b, 3.0, 3.2, 3.2.48, and 4.0 enables the --show-control-chars option in LS_OPTIONS, which allows local users to send escape sequences to terminal emulators, or hide the existen... Read more

    Affected Products : bash
    • Published: Jan. 14, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-1705

    Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.... Read more

    Affected Products : oracle10g oracle9i
    • Published: Apr. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3486

    Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via u... Read more

    Affected Products : mysql mysql
    • Published: Jul. 10, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1963

    Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit to 10 files, which allows local users to cause a denial of service (resource exhaustion) by opening 10 setuid binaries.... Read more

    Affected Products : linux_kernel linux
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0019

    Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.... Read more

    Affected Products : arrowpoint content_services_switch
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-0798

    Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to view obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.... Read more

    Affected Products : hp-ux
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293621 Results