Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-1999-1423

    ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.... Read more

    Affected Products : solaris sunos
    • Published: Jun. 26, 1997
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-8537

    McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local users to obtain sensitive information by reading the logs.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2013-1393

    Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal curvycorners
    • Published: Jun. 20, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0232

    Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.... Read more

    • Published: Mar. 30, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-1784

    Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal clean_theme
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2005-1405

    HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.... Read more

    Affected Products : lotus_notes
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-4820

    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.... Read more

    • Published: Sep. 23, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-4577

    A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.... Read more

    Affected Products : grub2 grub
    • Published: May. 12, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-2070

    Cross-site scripting (XSS) vulnerability in the MultiBlock module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer blocks permission to inject arbitrary web script or HTML via the block tit... Read more

    Affected Products : drupal multiblock
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2023-22473

    Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the... Read more

    Affected Products : talk nextcloud_server notes
    • Published: Jan. 09, 2023
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2012-1659

    Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal noderecommendation
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-1977

    OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.... Read more

    Affected Products : devstack
    • Published: May. 21, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-2724

    Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified... Read more

    Affected Products : drupal hierarchical_select
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2001-1503

    The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-5509

    aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.... Read more

    • Published: Mar. 12, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-3361

    Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a node title.... Read more

    Affected Products : linkit linkit
    • Published: Apr. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-5553

    Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HT... Read more

    Affected Products : drupal om_maximenu
    • Published: Dec. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-2579

    Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer.... Read more

    Affected Products : health_sciences_applications
    • Published: Apr. 16, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-5659

    PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely fro... Read more

    Affected Products : pam_extern
    • Published: Nov. 03, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-4493

    Cross-site scripting (XSS) vulnerability in the administrative interface in the Better Revisions module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer better revisions" permission to inject arbitrary web script or... Read more

    Affected Products : drupal better_revisions
    • Published: Nov. 02, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 292870 Results