Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2011-1356

    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.06
    • Published: Jul. 19, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2020-16237

    Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.... Read more

    • EPSS Score: %0.06
    • Published: Aug. 21, 2020
    • Modified: Jun. 04, 2025

  • 2.1

    LOW
    CVE-2011-1840

    The MartiniCreations PassmanLite Password Manager application before 1.48 for Android stores the master password and unspecified other account information in cleartext, which allows local users to obtain sensitive information by leveraging shell access.... Read more

    • EPSS Score: %0.06
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1828

    usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.... Read more

    Affected Products : usb-creator
    • EPSS Score: %0.06
    • Published: May. 16, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2004-0563

    The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password.... Read more

    Affected Products : freenet6
    • EPSS Score: %0.05
    • Published: Dec. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-0995

    The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.... Read more

    • EPSS Score: %0.04
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1834

    utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) or bypass intended unmounting restrictions via a umount s... Read more

    Affected Products : ecryptfs_utils ecryptfs-utils
    • EPSS Score: %0.06
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1080

    The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memor... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.08
    • Published: Jun. 21, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1307

    The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standard filesystem operations, a different vulnerability than ... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.05
    • Published: Mar. 08, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1327

    The Keystroke Encryption feature in Trend Micro Internet Security 2009 (aka Virus Buster 2009 and PC-cillin 2009) does not completely encrypt passwords, which allows local users to obtain sensitive information by leveraging a keylogger.... Read more

    Affected Products : trend_micro_internet_security
    • EPSS Score: %0.12
    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2011-1742

    EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.... Read more

    Affected Products : data_protection_advisor
    • EPSS Score: %0.08
    • Published: Aug. 01, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2025-22149

    JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite ... Read more

    Affected Products :
    • Published: Jan. 09, 2025
    • Modified: May. 23, 2025
    • Vuln Type: Misconfiguration

  • 2.1

    LOW
    CVE-2015-0077

    The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly initialize function bu... Read more

    • EPSS Score: %5.16
    • Published: Mar. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-7230

    The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.... Read more

    Affected Products : ubuntu_linux openstack nova cinder trove
    • EPSS Score: %0.12
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-7231

    The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading t... Read more

    Affected Products : openstack nova cinder trove
    • EPSS Score: %0.16
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2006-3813

    A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information.... Read more

    Affected Products : enterprise_linux
    • EPSS Score: %0.10
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2014-8399

    The default configuration in systemd-shim 8 enables the Abandon debugging clause, which allows local users to cause a denial of service via unspecified vectors.... Read more

    Affected Products : shim
    • EPSS Score: %0.13
    • Published: Oct. 31, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-1106

    The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.07
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-4446

    Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an admin... Read more

    Affected Products : os_x_server
    • EPSS Score: %0.12
    • Published: Oct. 18, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3756

    The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.... Read more

    Affected Products : iphone_os
    • EPSS Score: %0.04
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292495 Results