Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-4378

    Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web script or HTML via a custom breadcrumb separator.... Read more

    Affected Products : crumbs
    • Published: Jun. 15, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6987

    The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7972

    The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allow... Read more

    Affected Products : xen
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-0813

    Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.... Read more

    Affected Products : wicd
    • Published: Jun. 29, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-1276

    XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked,... Read more

    Affected Products : solaris opensolaris gnome
    • Published: Apr. 09, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-4747

    Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.... Read more

    • Published: Oct. 27, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2013-5371

    The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standar... Read more

    Affected Products : tivoli_storage_manager
    • Published: Jan. 23, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-6160

    IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveragin... Read more

    • Published: Dec. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-7971

    Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence of crafted (1) HYPERCALL_xenoprof_op hypercalls, which ar... Read more

    Affected Products : xen
    • Published: Oct. 30, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-1595

    Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information b... Read more

    Affected Products : firefox firefox_esr thunderbird mac_os_x
    • Published: Dec. 11, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-6131

    buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.... Read more

    Affected Products : fedora_core
    • Published: Nov. 26, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3107

    The signal handling in the Linux kernel before 2.6.22, including 2.6.2, when running on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency, related to clea... Read more

    Affected Products : linux_kernel
    • Published: Jul. 10, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-7129

    ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier versions, allows local users to bypass the protection scheme by using the ZwDeleteFile API function to delete the critical filelock.txt file, which stores information about protected files.... Read more

    Affected Products : blackice_pc_protection
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-7215

    The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has... Read more

    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-0710

    The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.... Read more

    Affected Products : mac_os_x ichat
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3722

    The 4BSD process scheduler in the FreeBSD kernel performs scheduling based on CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption) by performing voluntary nanosecond sleeps that... Read more

    Affected Products : freebsd
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-7204

    The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.... Read more

    Affected Products : php
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-0636

    Unspecified vulnerability in inotify before 0.3.5 has unknown impact and attack vectors, related to "access rights to watched files."... Read more

    Affected Products : incron
    • Published: Jan. 31, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-2142

    Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.... Read more

    Affected Products : golden_ftp_server
    • Published: Jul. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-3724

    The process scheduler in the Microsoft Windows XP kernel does not make use of the process statistics kept by the kernel, performs scheduling based on CPU billing gathered from periodic process sampling ticks, and gives preference to "interactive" processe... Read more

    Affected Products : windows_xp
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293983 Results