Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2013-6494

    fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).... Read more

    Affected Products : fedora fedup
    • Published: Dec. 02, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-2039

    /bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows local users to obtain sensitive information from core dump files by sending the SIGSERV (invalid memory reference) signal.... Read more

    Affected Products : rtos
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1876

    Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.... Read more

    Affected Products : exchange_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0193

    msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").... Read more

    Affected Products : catdoc
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-3146

    Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors.... Read more

    Affected Products : database_server
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3718

    Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes.... Read more

    Affected Products : mac_os_x mac_os_x_server mac_os_x
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2003-0071

    The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.... Read more

    Affected Products : x11r6
    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-0348

    thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.... Read more

    Affected Products : fedora opensuse thttpd linux sthttpd
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-5297

    WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic c... Read more

    Affected Products : wordpress
    • Published: Jan. 21, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2012-3731

    Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.... Read more

    Affected Products : iphone_os
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2002-2280

    syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-0180

    Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 23, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2008-1033

    The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment var... Read more

    Affected Products : cups mac_os_x mac_os_x_server
    • Published: Jun. 02, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2025-3840

    An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end... Read more

    Affected Products :
    • Published: Apr. 21, 2025
    • Modified: Apr. 21, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2005-0624

    reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.... Read more

    Affected Products : reportbug
    • Published: Feb. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2440

    Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.... Read more

    Affected Products : proxytunnel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0161

    Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.... Read more

    Affected Products : unace
    • Published: Feb. 22, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2684

    Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\temp... Read more

    Affected Products : cache_database
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0321

    MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation... Read more

    Affected Products : web_mail mail_server
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2658

    resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.... Read more

    Affected Products : suse_linux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293951 Results