Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2001-1270

    Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.... Read more

    Affected Products : pkzip
    • Published: Jul. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1271

    Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.... Read more

    Affected Products : rar
    • Published: Jul. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-3696

    filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe.... Read more

    Affected Products : outpost_firewall
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-1197

    POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for ot... Read more

    Affected Products : imap
    • Published: Aug. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-5189

    Cross-site scripting (XSS) vulnerability in the Webform Validation module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with permissions to "update Webform nodes" to inject arbitrary web script or HTML via ... Read more

    Affected Products : drupal webform_validation
    • Published: Sep. 20, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2001-1520

    Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.... Read more

    Affected Products : xircom_rex_6000
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2002-1231

    SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.... Read more

    Affected Products : unixware openunix
    • Published: Nov. 04, 2002
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-3099

    Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : systems_director
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2025-22272

    In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required ... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Injection

  • 2.1

    LOW
    CVE-2015-1598

    The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.... Read more

    Affected Products : spcanywhere
    • Published: Mar. 07, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2024-31747

    An issue in Yealink VP59 Microsoft Teams Phone firmware 91.15.0.118 (fixed in 122.15.0.142) allows a physically proximate attacker to disable the phone lock via the Walkie Talkie menu option.... Read more

    Affected Products : vp59_firmware
    • Published: Apr. 29, 2024
    • Modified: Jul. 30, 2025

  • 2.1

    LOW
    CVE-1999-0484

    Buffer overflow in OpenBSD ping.... Read more

    Affected Products : openbsd
    • Published: Feb. 23, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0374

    Debian GNU/Linux cfengine package is susceptible to a symlink attack.... Read more

    Affected Products : debian_linux
    • Published: Feb. 16, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1288

    Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and enter keys several times while the command is executing, possibly related to an exception handling er... Read more

    Affected Products : windows_2000 windows_nt
    • Published: Jul. 27, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1430

    PIM software for Royal daVinci does not properly password-protext access to data stored in the .mdb (Microsoft Access) file, which allows local users to read the data without a password by directly accessing the files with a different application, such as... Read more

    Affected Products : davinci
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-0276

    BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.... Read more

    Affected Products : beos
    • Published: Apr. 10, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1294

    Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permiss... Read more

    Affected Products : windows_nt
    • Published: Dec. 31, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-0990

    Error messages generated by gdm with the VerboseAuth setting allows an attacker to identify valid users on a system.... Read more

    Affected Products : gdm
    • Published: Dec. 05, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1855

    Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.... Read more

    Affected Products : debian_linux backup_manager
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2000-1190

    imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.... Read more

    Affected Products : imwheel
    • Published: Aug. 31, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 293590 Results