Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.9

    LOW
    CVE-2009-5084

    IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive inf... Read more

    Affected Products : tivoli_federated_identity_manager
    • EPSS Score: %0.05
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-2693

    The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors.... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.05
    • Published: Jun. 08, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2012-3116

    Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors.... Read more

    Affected Products : supply_chain_products_suite
    • EPSS Score: %0.09
    • Published: Jul. 17, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2011-5119

    Multiple race conditions in Comodo Internet Security before 5.8.211697.2124 allow local users to bypass the Defense+ feature via unspecified vectors.... Read more

    Affected Products : comodo_internet_security
    • EPSS Score: %0.04
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2010-2027

    Mathematica 7, when running on Linux, allows local users to overwrite arbitrary files via a symlink attack on (1) files within /tmp/MathLink/ or (2) /tmp/fonts$$.conf.... Read more

    Affected Products : linux_kernel mathematica
    • EPSS Score: %0.03
    • Published: May. 24, 2010
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2023-20512

    A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Oct. 30, 2024

  • 1.9

    LOW
    CVE-2012-6543

    The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.06
    • Published: Mar. 15, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2009-5117

    The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files.... Read more

    Affected Products : host_data_loss_prevention
    • EPSS Score: %0.06
    • Published: Aug. 22, 2012
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-6146

    IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.06
    • Published: Nov. 08, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2011-1074

    crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.02
    • Published: Mar. 04, 2011
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-1999-0078

    pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.... Read more

    Affected Products : aix hp-ux sunos freebsd bsd_os unixware openserver irix up-ux_v mp-ras +1 more products
    • EPSS Score: %0.14
    • Published: Apr. 18, 1996
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2006-6698

    The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time,... Read more

    Affected Products : gconf
    • EPSS Score: %0.16
    • Published: Dec. 22, 2006
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2012-6140

    pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem op... Read more

    Affected Products : authenticator
    • EPSS Score: %0.03
    • Published: Apr. 24, 2013
    • Modified: Apr. 11, 2025

  • 1.9

    LOW
    CVE-2014-5423

    CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.... Read more

    Affected Products : pyxis_supplystation
    • EPSS Score: %0.06
    • Published: Oct. 19, 2014
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2005-1488

    Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.ht... Read more

    Affected Products : web_mail mail_server
    • EPSS Score: %0.05
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2014-5232

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.... Read more

    • EPSS Score: %0.05
    • Published: Jan. 14, 2015
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2008-3876

    Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a ... Read more

    Affected Products : iphone
    • EPSS Score: %0.06
    • Published: Sep. 02, 2008
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2015-4808

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In Filters, a different vulnerability than CVE-2015-6013, ... Read more

    Affected Products : fusion_middleware
    • EPSS Score: %0.12
    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 1.9

    LOW
    CVE-2006-7162

    PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.... Read more

    Affected Products : putty putty
    • EPSS Score: %0.04
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025

  • 1.9

    LOW
    CVE-2023-20518

    Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.... Read more

    Affected Products :
    • Published: Aug. 13, 2024
    • Modified: Nov. 05, 2024
Showing 20 of 291625 Results