Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-1999-1364

    Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.... Read more

    Affected Products : windows_nt
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1011

    LetterMerger 1.2 stores user information in Access database files with insecure permissions, which allows local users to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party i... Read more

    Affected Products : lettermerger
    • Published: Mar. 06, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1894

    TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.... Read more

    Affected Products : context
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-0666

    Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.... Read more

    Affected Products : exchange_server
    • Published: Oct. 30, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-3952

    The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jun. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-3949

    The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrict... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jun. 05, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-43753

    A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through ... Read more

    Affected Products : liferay_portal dxp
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Cross-Site Scripting

  • 2.1

    LOW
    CVE-2011-5202

    BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a denial of service (system crash) via the unmount command to batchmnt.exe.... Read more

    Affected Products : wincdemu
    • Published: Oct. 01, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1358

    Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspeci... Read more

    Affected Products : drupal bibliography
    • Published: Apr. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-5440

    IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows local users to obtain sensitive information in opportunistic circumstances by leveraging the presence of file content after a failed installation.... Read more

    Affected Products : infosphere_information_server
    • Published: Dec. 18, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2021-2141

    Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows high privileged attacker wi... Read more

    Affected Products : flexcube_direct_banking
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2012-2297

    Multiple cross-site scripting (XSS) vulnerabilities in the Creative Commons module 6.x-1.x before 6.x-1.1 for Drupal allow remote authenticated users with the administer creative commons permission to inject arbitrary web script or HTML via the (1) creati... Read more

    Affected Products : drupal creativecommons
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0565

    SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.... Read more

    Affected Products : smartftp_daemon
    • Published: Jun. 13, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1446

    Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the us... Read more

    Affected Products : internet_explorer
    • Published: Aug. 05, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0489

    FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.... Read more

    Affected Products : freebsd netbsd openbsd
    • Published: Sep. 05, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0502

    Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.... Read more

    Affected Products : virusscan
    • Published: Jun. 08, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-7128

    Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this... Read more

    Affected Products : steamos
    • Published: Dec. 17, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0264

    Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.... Read more

    Affected Products : panda_security
    • Published: Apr. 17, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-0227

    Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.... Read more

    Affected Products : drupal search_api_sorts
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-1408

    Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different... Read more

    Affected Products : aix hp-ux
    • Published: Mar. 05, 1997
    • Modified: Apr. 03, 2025
Showing 20 of 294121 Results