Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-5325

    Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HT... Read more

    Affected Products : wordpress shortcode-redirect
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3361

    Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : linkit linkit
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-4577

    A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.... Read more

    Affected Products : grub2 grub
    • Published: May. 12, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-1999-1423

    ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.... Read more

    Affected Products : solaris sunos
    • Published: Jun. 26, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-2724

    Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified... Read more

    Affected Products : drupal hierarchical_select
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-1999-1221

    dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.... Read more

    Affected Products : unix
    • Published: Nov. 17, 1996
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0132

    Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.... Read more

    Affected Products : solaris hp-ux sunos
    • Published: Aug. 15, 1996
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-1977

    OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.... Read more

    Affected Products : devstack
    • Published: May. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4820

    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.... Read more

    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-1405

    HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.... Read more

    Affected Products : lotus_notes
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-5509

    aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.... Read more

    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-2586

    Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.... Read more

    Affected Products : adslfr4ii
    • Published: Aug. 16, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-2563

    Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.... Read more

    Affected Products : mambo_cms
    • Published: Jun. 09, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-1659

    Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal noderecommendation
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1393

    Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal curvycorners
    • Published: Jun. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2023-22473

    Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Jan. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2014-5457

    QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password.... Read more

    • Published: Aug. 25, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2000-0232

    Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.... Read more

    • Published: Mar. 30, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-8537

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2070

    Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block tit... Read more

    Affected Products : drupal multiblock
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293186 Results