Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-2302

    PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion... Read more

    Affected Products : powerdns
    • Published: Jul. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0231

    Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."... Read more

    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3054

    fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories wh... Read more

    Affected Products : php
    • Published: Sep. 26, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-6249

    etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by readi... Read more

    Affected Products : portage linux
    • Published: Dec. 15, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2011-2700

    Multiple buffer overflows in the si4713_write_econtrol_string function in drivers/media/radio/si4713-i2c.c in the Linux kernel before 2.6.39.4 on the N900 platform might allow local users to cause a denial of service or have unspecified other impact via a... Read more

    Affected Products : linux_kernel
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-3215

    The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) logi... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-3735

    The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amou... Read more

    Affected Products : db2
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-5146

    The Remote Filtering component in Websense Web Security and Web Filter before 7.1 Hotfix 66 allows local users to bypass filtering by (1) renaming the WDC.exe file or (2) deleting driver files.... Read more

    • Published: Aug. 23, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2946

    fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly handle a certain legacy format for storage of extended attributes, which might allow local users by bypass intended xattr namespace restrictions via an "os2." substring at the beginning ... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Sep. 29, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2913

    The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.... Read more

    Affected Products : iphone_os citi_mobile
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2574

    Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.... Read more

    Affected Products : mantisbt
    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-5075

    Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security 5.0 Korean Trial allows local users to cause a denial of service (memory corruption and panic) via a crafted IOCTL_ASWFW_COMM_PIDINFO_RESULTS DeviceIoControl request to \\.\aswFW.... Read more

    Affected Products : avast\!_internet_security
    • Published: Dec. 28, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-5191

    The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Oct. 24, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2403

    Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more

    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-4557

    Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated u... Read more

    Affected Products : drupal img_assist
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2024-12706

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. Thi... Read more

    Affected Products :
    • Published: Apr. 28, 2025
    • Modified: Apr. 29, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2012-5586

    The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to... Read more

    Affected Products : drupal services
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4578

    The geli encryption provider 7 before r239184 on FreeBSD 10 uses a weak Master Key, which makes it easier for local users to defeat a cryptographic protection mechanism via a brute-force attack.... Read more

    Affected Products : freebsd geli
    • Published: Aug. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-4496

    Cross-site scripting (XSS) vulnerability in the Custom Publishing Options module 6.x-1.x before 6.x-1.4 for Drupal allows remote authenticated users with the "administer nodes" permission to inject arbitrary web script or HTML via the status labels parame... Read more

    Affected Products : drupal custom_pub
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-6117

    Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.... Read more

    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293640 Results