Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-1999-0694

    Denial of service in AIX ptrace system call allows local users to crash the system.... Read more

    Affected Products : aix
    • Published: Aug. 11, 1999
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2001-1270

    Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.... Read more

    Affected Products : pkzip
    • Published: Jul. 12, 2001
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-5204

    Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be le... Read more

    Affected Products : invision_power_board
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-4755

    BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key pas... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1271

    Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.... Read more

    Affected Products : dreamweaver
    • Published: Jun. 11, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-1999-1285

    Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 27, 1998
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2013-3929

    Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter.... Read more

    Affected Products : cms_made_simple
    • Published: Dec. 09, 2013
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2000-0387

    The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.... Read more

    Affected Products : golddig
    • Published: May. 09, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-2466

    Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.... Read more

    Affected Products : supply_chain_products_suite
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2000-0458

    The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.... Read more

    Affected Products : imp
    • Published: Apr. 22, 2000
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2007-1194

    Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows... Read more

    Affected Products : norman_sandbox_analyzer
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2012-4492

    Multiple cross-site scripting (XSS) vulnerabilities in the Shorten URLs module 6.x-1.x before 6.x-1.13 and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified v... Read more

    Affected Products : drupal shorten
    • Published: Oct. 31, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2009-2031

    smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.... Read more

    Affected Products : opensolaris
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2014-8518

    The (1) Removable Media and (2) CD and DVD encryption offsite access options (formerly Endpoint Encryption for Removable Media or EERM) in McAfee File and Removable Media Protection (FRP) 4.3.0.x, and Endpoint Encryption for Files and Folders (EEFF) 3.2.x... Read more

    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-8529

    McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH key in cleartext, which allows local users to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : network_data_loss_prevention
    • Published: Oct. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2012-1654

    Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML v... Read more

    Affected Products : drupal data
    • Published: Sep. 18, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-5231

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.... Read more

    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2023-52275

    Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.... Read more

    Affected Products : camon_x_firmware camon_x
    • Published: Dec. 31, 2023
    • Modified: Nov. 21, 2024

  • 2.1

    LOW
    CVE-2011-0515

    KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 allows local users to cause a denial of service (crash) via a crafted request that is not properly handled by the KiFastCallEntry hook.... Read more

    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2002-0377

    Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.... Read more

    Affected Products : gaim
    • Published: May. 29, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 293555 Results