Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2014-6211

    The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensiti... Read more

    Affected Products : websphere_commerce
    • Published: May. 20, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-7230

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.... Read more

    Affected Products : ubuntu_linux openstack nova cinder trove
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8526

    McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local users to obtain sensitive information by reading a Java stack trace.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2025-22149

    JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2014-8399

    The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.... Read more

    Affected Products : shim
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2009-3554

    Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensit... Read more

    • Published: Dec. 15, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-2520

    The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.... Read more

    Affected Products : mac_os_x
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-8135

    The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "vi... Read more

    Affected Products : libvirt
    • Published: Dec. 19, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-3430

    The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg sy... Read more

    Affected Products : linux_kernel
    • Published: Oct. 03, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-7080

    Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.... Read more

    Affected Products : iphone_os
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2008-2367

    Red Hat Certificate System 7.2 uses world-readable permissions for password.conf and unspecified other configuration files, which allows local users to discover passwords by reading these files.... Read more

    Affected Products : certificate_system
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3528

    The error-reporting functionality in (1) fs/ext2/dir.c, (2) fs/ext3/dir.c, and possibly (3) fs/ext4/dir.c in the Linux kernel 2.6.26.5 does not limit the number of printk console messages that report directory corruption, which allows physically proximate... Read more

    Affected Products : linux_kernel
    • Published: Sep. 27, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2006-0363

    The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program tha... Read more

    Affected Products : msn_messenger
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0379

    FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.... Read more

    Affected Products : freebsd
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0516

    Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors.... Read more

    Affected Products : solaris
    • Published: Feb. 02, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3276

    The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Oct. 21, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-2368

    Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords by rea... Read more

    Affected Products : certificate_system
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2008-3426

    Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent op... Read more

    Affected Products : solaris opensolaris sunos
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-1999-0442

    Solaris ff.core allows local users to modify files.... Read more

    Affected Products : solaris sunos
    • Published: Jan. 07, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-0427

    Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted.... Read more

    Affected Products : weblogic_server
    • Published: Jan. 25, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293353 Results