Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2015-5513

    Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML ... Read more

    • Published: Aug. 18, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-1713

    Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.... Read more

    • Published: Aug. 10, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1627

    Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact.... Read more

    Affected Products : viewglob
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2015-2027

    IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.... Read more

    Affected Products : websphere_extreme_scale
    • Published: Oct. 04, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8607

    The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides the MySQL username and password on the command line, which allows local users to obtain sensitive information via the ps command.... Read more

    Affected Products : xcloner
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2002-1587

    The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 allows local users to cause a denial of service (hang) of an application that uses libthread by causing the application to wait for a certain mutex.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1099

    shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2008-7207

    RivetTracker before 1.0 stores passwords in cleartext in config.php, which allows local users to discover passwords by reading config.php.... Read more

    Affected Products : rivettracker
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-1518

    Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.... Read more

    Affected Products : solaris sunos
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2010-0384

    Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory mirror, does not prevent logging of the client IP address upon detection of erroneous client behavior, which might make it easier for local users to discover the identities of clients in op... Read more

    Affected Products : tor tor
    • Published: Jan. 25, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2015-6752

    Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote authenticated users with certain permissions to inject ar... Read more

    Affected Products : search_api_autocomplete
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6557

    IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before ... Read more

    • Published: Aug. 23, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2004-1689

    sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.... Read more

    Affected Products : sudo
    • Published: Sep. 16, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2012-2708

    Cross-site scripting (XSS) vulnerability in the _hosting_task_log_table function in modules/hosting/task/hosting_task.module in the Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal allows remote authenticated users with certain permissions to i... Read more

    Affected Products : drupal hostmaster hostmaster
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-0636

    The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA CUDA Toolkit 3.2 developer drivers for Linux 260.19.26, and possibly other versions, do not initialize pinned memory, which allows local users to read potentially sensitive memory, such ... Read more

    Affected Products : cuda_toolkit
    • Published: Jan. 22, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-8733

    Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password in plaintext in unspecified world-readable files under /etc/hadoop, which allows local users to obtain this password.... Read more

    Affected Products : cloudera_manager
    • Published: Feb. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2005-0923

    The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renam... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1540

    shell-lock in Cactus Software Shell Lock uses weak encryption (trivial encoding) which allows attackers to easily decrypt and obtain the source code.... Read more

    Affected Products : shell-lock
    • Published: Oct. 04, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1364

    Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.... Read more

    Affected Products : windows_nt
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-0175

    SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.... Read more

    Affected Products : irix
    • Published: Feb. 03, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293436 Results