Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2014-5038

    Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.... Read more

    Affected Products : eucalyptus
    • EPSS Score: %0.06
    • Published: Nov. 07, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-4690

    Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can ... Read more

    Affected Products : movable_type
    • EPSS Score: %0.08
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4412

    Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to direc... Read more

    Affected Products : program_neighborhood_client
    • EPSS Score: %0.09
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2016-3888

    internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, ... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2003-1246

    NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command.... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1204

    FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.... Read more

    Affected Products : fluxbot
    • EPSS Score: %0.06
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-1644

    The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.... Read more

    Affected Products : drupal og_vocab
    • EPSS Score: %0.28
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-5915

    An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up... Read more

    Affected Products : chrome
    • EPSS Score: %0.52
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-4768

    IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot ... Read more

    • EPSS Score: %0.36
    • Published: Jun. 28, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-5912

    An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a ... Read more

    Affected Products : internet_explorer
    • EPSS Score: %17.14
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2002-1610

    Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to cause a denial of service.... Read more

    Affected Products : hp-ux tru64
    • EPSS Score: %0.13
    • Published: Aug. 30, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-4899

    WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file.... Read more

    Affected Products : kingview
    • EPSS Score: %0.06
    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-1295

    Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."... Read more

    Affected Products : enterprise_linux suse_linux
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-7835

    webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site... Read more

    Affected Products : moodle
    • EPSS Score: %0.18
    • Published: Nov. 24, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-2126

    restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time.... Read more

    Affected Products : integrity_protection_driver
    • EPSS Score: %0.07
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-2071

    Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web ... Read more

    Affected Products : drupal contact_forms
    • EPSS Score: %0.34
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2006-5806

    SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving f... Read more

    Affected Products : secure_desktop
    • EPSS Score: %0.09
    • Published: Nov. 08, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2007-3654

    The display driver allocattr functions in NetBSD 3.0 through 4.0_BETA2, and NetBSD-current before 20070728, allow local users to cause a denial of service (panic) via a (1) negative or (2) large value in an ioctl call, as demonstrated by the vga_allocattr... Read more

    Affected Products : netbsd
    • EPSS Score: %0.07
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2015-1355

    Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.... Read more

    Affected Products : simatic_step_7
    • EPSS Score: %0.06
    • Published: Feb. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-3721

    The ULE process scheduler in the FreeBSD kernel gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Supe... Read more

    Affected Products : freebsd
    • EPSS Score: %0.06
    • Published: Jul. 12, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291773 Results